On 29-10-2013 10:49, Celejar wrote:
The question is not whether it's better than clear text over HTTP, but whether it's better than SSL.If no CA is compromized, I think SSL alone is more secure than Tor alone. But it is possible to use SSL with Tor. Then there are two layers of authentication/encryption. On 29-10-2013 10:42, Szabó Péter wrote: Can't the packages be verified via Tor after they are downloaded but before they get installed?As I know, Tor and SSL encrypt/auth traffic, not the data. The pre-installing verification is done via apt, verifying OpenPGP signs on deb packages. |