[Pkg-anonymity-tools] Bug#752275: torbrowser-launcher: downgrade and indefinite freeze attacks [was: several possible/probably security issues]

Holger Levsen holger at layer-acht.org
Tue Aug 19 18:44:42 UTC 2014


control: retitle -1 better protection against downgrade attacks
control: tags -1 - moreinfo
control: tags -1 + upstream

Hi,

as I see it, this is left unaddressed from this bug report, thus changing the 
bug title accordingly.

On Wednesday, 25 June 2014, intrigeri wrote:
> When we've thought Tails incremental upgrades through, the best
> defense we've found against downgrade attacks is to encode the version
> information about a given target file (using the TUF specification
> nomenclature [1] here) as part of what's strongly authenticated (in
> this case, with OpenPGP), instead of trusting filenames in any way.
> 
> That's what our upgrade-description files [2] are for. But even then,
> against an adversary who controls the web space that hosts the
> upgrade-description files, or who can break TLS, indefinite freeze
> attacks are still possible. The only way I've seen to mitigate it is
> short-lived signatures on meta-data.
> 
> In the case of tor-launcher, it may be possible to drop the
> indirection layer (upgrade-description files), and protect against
> downgrade attacks simply by comparing the currently running version,
> with the version information that is, I guess, present in the target
> files, once they've been downloaded and authenticated.
> 
> [I'm now realizing that the TUF spec has changed since the last time I
> read it. And Tor Browser's upcoming self-upgrade super-power may be
> a game changer.]
> 
> [1] https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt
> [2] https://tails.boum.org/contribute/design/incremental_upgrades/


cheers,
	Holger
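
The two checks described in the quoted text (taking the version from the authenticated data rather than the filename, and short-lived metadata), sketched in Python as an added example that is not part of the original message or of torbrowser-launcher's code. HMAC stands in for OpenPGP verification, and the JSON field names, key, versions and dates are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: HMAC stands in for OpenPGP so the example runs offline. A real
# updater would verify a detached signature against a pinned public key.
DEMO_KEY = b"constructed-demo-key"

def sign(metadata):
    """Publisher side (constructed): serialize and authenticate the metadata."""
    blob = json.dumps(metadata, sort_keys=True).encode()
    return blob, hmac.new(DEMO_KEY, blob, hashlib.sha256).digest()

def parse_version(text):
    """'3.6.4' -> (3, 6, 4), so that 3.10 compares greater than 3.9."""
    return tuple(int(part) for part in text.split("."))

def check_update(blob, tag, running_version, now):
    """Return ('install', version) or ('refuse', reason)."""
    expected = hmac.new(DEMO_KEY, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return ("refuse", "metadata not authenticated")
    meta = json.loads(blob)
    # Short-lived metadata: a replayed old file (indefinite freeze) stops
    # being accepted once its signed expiry date has passed.
    if now >= datetime.fromisoformat(meta["expires"]):
        return ("refuse", "metadata expired")
    # The version is read from the authenticated bytes only; the download's
    # filename is never consulted.
    if parse_version(meta["version"]) <= parse_version(running_version):
        return ("refuse", "not newer than running version")
    return ("install", meta["version"])

# Constructed sample metadata: an older release and a current one.
OLD = sign({"version": "3.6.2", "expires": "2014-07-01T00:00:00+00:00"})
NEW = sign({"version": "3.6.4", "expires": "2014-09-01T00:00:00+00:00"})

if __name__ == "__main__":
    now = datetime(2014, 8, 19, tzinfo=timezone.utc)
    print(check_update(*NEW, "3.6.3", now))   # normal upgrade
    print(check_update(*OLD, "3.6.1", now))   # replayed old metadata
    june = datetime(2014, 6, 25, tzinfo=timezone.utc)
    print(check_update(*OLD, "3.6.3", june))  # downgrade attempt
```

Replaying `OLD` in August to a client running 3.6.1 passes the version comparison and is stopped only by the expiry check, which is why the version check alone does not cover freeze attacks.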