[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL for debian.org/security?



On 29-10-2013 10:49, Celejar wrote:
The question is not whether it's better than clear text over HTTP, but whether it's better than SSL.
If no CA is compromized, I think SSL alone is more secure than Tor alone.
But it is possible to use SSL with Tor. Then there are two layers of authentication/encryption.

On 29-10-2013 10:42, Szabó Péter wrote:
Can't the packages be verified via Tor after they are downloaded but before they get installed?
As I know, Tor and SSL encrypt/auth traffic, not the data.
The pre-installing verification is done via apt, verifying OpenPGP signs on deb packages.

Reply to: