Pen register request used to force disclosure of SSL private keys - LavaBit hearings

coderman coderman at gmail.com
Thu Oct 3 12:55:07 PDT 2013


On Thu, Oct 3, 2013 at 12:24 PM, CodesInChaos <codesinchaos at gmail.com> wrote:
> ...
> I don't think disabling auto-update is a good idea. What we need is secure
> auto update.

agreed.


> This involves:
> 1) requiring multiple signatures on the update by people in different
> jurisdictions
> 2) Reproducible builds
> 3) A Certificate Transparency like log of all updates.
>
> I believe TOR is doing some work on points 1) and 2).


there are additional concerns regarding the implementation of updates
and key management for the updates as well.

see:
  http://www.cs.arizona.edu/stork/
  http://www.cs.arizona.edu/stork/packagemanagersecurity/papers.html
  https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Thandy



More information about the cypherpunks mailing list