
Re: goals for hardening Debian: ideas and help wanted



Hi Kevin,

Kevin Chadwick wrote:
> Debian developers not being able to upload security fixes is part of
> the mix but then I would guess you could more easily bring down the TOR
> network too than a private VPN and filtering would be much more
> difficult so I would say TOR is not *optimum* for security or
> availability and obscurity is no real security though perhaps very 
> occasionally the best possible ;-).
I'm not saying that DDs should use Tor. But a VPN might not be more secure.

> Tor is more complex, less proven, had more past exploits and crucially I
> believe? generally more reliant on external infrastructure. Its
> primary aim is privacy and not a simply secure protocol. I include SSH
> when I say VPN too but host security is paramount in any case.
Software VPNs have had vulnerabilities over and over again, the last one
being Heartbleed (that also affected commercial VPN products such as
Cisco ASA/PIX and some Juniper devices). IPsec had to be revised and is
often implemented in a way that defies the standard that has been under
heavy criticism by the cryptography community (e.g.
https://www.schneier.com/paper-ipsec.html).

Bashing on Tor does not help here.

Aaron

Attachment: signature.asc
Description: OpenPGP digital signature

