[Commotion-dev] Commotion download security

Hans-Christoph Steiner hans at guardianproject.info
Fri Oct 19 23:20:17 UTC 2012


This is a good idea for sure.  One thing would be to use SHA1 instead of MD5.
It's only a little longer and still not cracked.  A PGP signature is good for
people who actually check these things.  For the PGP sig to be effective, the
downloads should be signed by a key that is signed by as many other keys as
possible so that people can find a chain of trust to that key.

For most people, they'll never check a hash or a signature.  One thing that is
not hard to set up and transparent to the user is to force HTTPS for the
downloads, and have a real, valid cert.

About the download page layout, I think that next to the binaries, there
should be the source code.  I don't think having olsrd plugins there would be
useful since as far as I know they are all distributed as part of olsrd
itself, and never outside of it.

.hc

On 10/19/2012 05:05 PM, Dan Staples wrote:
> I'd like to bring up the issue of how to best give users the ability to
> verify the integrity and authenticity of Commotion binaries and source
> code they download from the website.  Currently, our redmine provides
> md5 checksums of our OpenWRT images.  Without even getting into the
> weaknesses of the md5 algorithm (which may or may not be relevant here),
> a checksum doesn't let the user verify that the image they download is
> in fact authentic (e.g. in the case of a man-in-the-middle attack or a
> compromised server).
> 
> The TAILS project provides the PGP signature of their ISO image on their
> download page (https://tails.boum.org/download/index.en.html).  I like
> this approach because the user is able to check both the integrity and
> authenticity of their download.  What would folks think about using a
> PGP signature instead of or in addition to an md5 checksum?  Another idea
> is that we could instruct users to use web of trust and public key
> servers to retrieve and verify the PGP signing key, instead of getting
> it from our website.  Of course, this brings up the question of who
> would own and manage the signing key for Commotion...
> 
> Finally, attached is a screenshot of a Downloads page for the Commotion
> website I'm putting together.  Right now it just has OpenWRT, but
> Android will also be added.  If anyone has suggestions for what else
> should go on the page or what should be different, please let me know. 
> Here (or maybe elsewhere?) we could also list the features that are in
> development or planned, but aren't a part of the core Commotion
> repositories (like OLSRd plugins), and there would be links out to these
> sub-projects.
> 
> Dan Staples
> 
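The point raised in this thread, that a checksum published next to a download shows integrity but not authenticity, worked through as an added example (not code from the thread or from the Commotion project). It assumes SHA-256, a hypothetical file name and constructed sample bytes; the "trusted" checksum list stands for one whose origin was verified separately, for example by a PGP signature.

```python
import hashlib
import hmac
import io

def file_digest(stream, algo="sha256", chunk=65536):
    """Hash a binary stream in chunks so large images need not fit in memory."""
    h = hashlib.new(algo)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def parse_checksums(text):
    """Parse md5sum/sha256sum-style lines: '<hex digest>  <filename>'."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        table[name.strip().lstrip("*")] = digest.lower()
    return table

def verify(image_bytes, name, checksums_text, algo="sha256"):
    """True only if `name` is listed and its digest matches the image."""
    expected = parse_checksums(checksums_text).get(name)
    if expected is None:
        return False  # an unlisted file is a failure, not a pass
    actual = file_digest(io.BytesIO(image_bytes), algo)
    return hmac.compare_digest(actual, expected)

# Constructed sample data standing in for a firmware image (assumption).
NAME = "commotion-example.bin"  # hypothetical file name
GENUINE = b"genuine firmware image (constructed sample)"
TAMPERED = b"modified firmware image (constructed sample)"

def checksum_file(image):
    return f"{hashlib.sha256(image).hexdigest()}  {NAME}\n"

def scenarios():
    trusted_list = checksum_file(GENUINE)    # origin verified separately
    attacker_list = checksum_file(TAMPERED)  # regenerated on a compromised server
    return {
        "genuine image, genuine list": verify(GENUINE, NAME, trusted_list),
        "corrupted in transit, genuine list": verify(GENUINE[:-1], NAME, trusted_list),
        "tampered image + list from same server": verify(TAMPERED, NAME, attacker_list),
        "tampered image, list authenticated separately": verify(TAMPERED, NAME, trusted_list),
    }

if __name__ == "__main__":
    for case, ok in scenarios().items():
        print(f"{'PASS' if ok else 'FAIL'}  {case}")
```

The third case passes because whoever can replace the image can replace the checksum list beside it; only the fourth, where the list comes from a separately authenticated source, rejects the modified image.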


