Re: [Tails-dev] download over http by default?

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] download over http by default?
Hi,

I've no time to seriously think about this now, with all the fires
burning around, but I'll still add a few data points that seem to be
missing from this reasoning.

Jacob Appelbaum wrote (30 Jun 2013 00:46:27 GMT) :
> Does Tails find that for every ISO, users download the signature?


We don't run the download mirrors ourselves, so we don't have access
to that data. However...

> We carry a secure mirror here:
> https://archive.torproject.org/amnesia.boum.org/tails/stable/


... you run a mirror, so you may be able to reply your own question.
I'm quite curious about the results, by the way :)

> If you guys can't handle HTTPS traffic, [...]


FYI dl.amnesia.boum.org is a DNS round-robin spread over 12 IPs,
so what we can handle is not that relevant.

If the question was simply "HTTP vs. HTTPS", then sure, the best
answer would be HTTPS. However, the question is rather "distributed
HTTP mirrors vs. centralized HTTPS server", so the best answer might
be a bit less obvious. Just my 2 lbs of food for thought, I'm happy if
it helps someone thinking this through with more facts in hand :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc