<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Great, thanks for the feedback! As a quick note about checksums, I
worry that people who <i>would</i> verify the checksum, they might
leave it at that and not check the PGP signature. Perhaps we should
leave out a MD5/SHA1 checksum and just include a PGP signature, so
that they would be pushed to do a more secure verification...sort of
as a way to encourage better security practices. Or would that just
be counterproductive?<br>
<br>
The website and downloads are all forced HTTPS, using a valid cert
(at least in my browser).<br>
<br>
Dan<br>
<br>
On Fri 19 Oct 2012 07:20:17 PM EDT, Hans-Christoph Steiner wrote:<br>
<blockquote type="cite"><br>
<br>
This is a good idea for sure. One thing would be to use SHA1
instead of MD5.<br>
Its only a little longer and still not cracked. A PGP signature is
good for<br>
people who actually check these things. For the PGP sig to be
effective, the<br>
downloads should be signed by a key that is signed by as many
other keys as<br>
possible so that people can find a chain of trust to that key.<br>
<br>
For most people, they'll never check a hash or a signature. One
thing that is<br>
not hard to setup and transparent to the user is to force HTTPS
for the<br>
downloads, and have a real, valid cert.<br>
<br>
About the download page layout, I think that next to the binaries,
there<br>
should be the source code. I don't think having olsrd plugins
there would be<br>
useful since as far as I know they are all distributed as part of
olsrd<br>
itself, and never outside of it.<br>
<br>
.hc<br>
<br>
On 10/19/2012 05:05 PM, Dan Staples wrote:<br>
<blockquote type="cite"><br>
I'd like to bring up the issue of how to best give users the
ability to<br>
verify the integrity and authenticity of Commotion binaries and
source<br>
code they download from the website. Currently, our redmine
provides<br>
md5 checksums of our OpenWRT images. Without even getting into
the<br>
weaknesses of the md5 algorithm (which may or may not be
relevant here),<br>
a checksum doesn't let the user verify that the image they
download is<br>
in fact authentic (e.g. in the case of a man-in-the-middle
attack or a<br>
compromised server).<br>
<br>
The TAILS project provides the PGP signature of their ISO image
on their<br>
download page (<a class="moz-txt-link-freetext" href="https://tails.boum.org/download/index.en.html">https://tails.boum.org/download/index.en.html</a>). I
like<br>
this approach because the user is able to check both the
integrity and<br>
authenticity of their download. What would folks think about
using a<br>
PGP signature instead or in addition to an md5 checksum? Another
ideas<br>
is that we could instruct users to use web of trust and public
key<br>
servers to retrieve and verify the PGP signing key, instead of
getting<br>
it from our website. Of course, this brings up the question of
who<br>
would own and manage the signing key for Commotion...<br>
<br>
Finally, attached is a screenshot of a Downloads page for the
Commotion<br>
website I'm putting together. Right now it just has OpenWRT, but<br>
Android will also be added. If anyone has suggestions for what
else<br>
should go on the page or what should be different, please let me
know. <br>
Here (or maybe elsewhere?) we could also list the features that
are in<br>
development or planned, but aren't a part of the core Commotion<br>
repositories (like OLSRd plugins), and there would be links out
to these<br>
sub-projects.<br>
<br>
Dan Staples<br>
<br>
<br>
<br>
_______________________________________________<br>
Commotion-dev mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
<a class="moz-txt-link-freetext" href="http://lists.chambana.net/mailman/listinfo/commotion-dev">http://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
<br>
</blockquote>
<br>
<br>
_______________________________________________<br>
Commotion-dev mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
<a class="moz-txt-link-freetext" href="http://lists.chambana.net/mailman/listinfo/commotion-dev">http://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
<br>
<pre class="moz-signature" cols="72">--
Dan Staples
Program Associate, Open Technology Institute
New America Foundation</pre>
</blockquote>
</body>
</html>