Page MenuHomePhabricator

SSL/TLS Mirrors
Closed, WontfixPublic


Migrated from:


SSL mirrors may sound like a bad idea for security, may seem like an oxymoron. A justification why we believe it improves security can be found here:

As another justification. Here is an argument from authority, as I understand, Jacob Appelbaum preferred if Tails download was https by default. Source:

Implementation ideas:

SSL/TLS Mirrors are difficult to implement because of the trust / key issues.

Let mirrors use whatever certs/domains they have (hopefully from a "trusted" CA so it doesn't throw alerts to the user), and include their URL in a list. When a user visits the download page, one of those URL is placed into the article using something like Extension:RandomInclude. This would be a little cumbersome with caching. Perhaps we could have a static link to something like "", which would then in turn point to an SSL mirror randomly.

There was a helpful answer on libtech mailing list on how to implement this:

Comments by Mick:

@fortasse and I agreed on the following plan:

  • We indefinitely keep all http mirrors.
  • Those are useful as backup.
  • Useful for users who do manual verification.
  • Useful for possible later Whonix downloader/installer that does verification.
  • Useful as host for Whonix's APT repository and Whonix News (#178) [those use verification using gpg, no https required].
  • We need a mirror manager (one that contacts prospective new mirrors, stays in touch with mirrors in case of issues).
  • After we have a stable http mirror network and enough mirror contacts - we're not there yet - we ask them if they would be willing to provide optional ssl access. If not, they stay http mirrors. If yes, they become http + https mirrors.


Sharing a separate SSL private key with mirrors. Because once that key is just one in false hands, all mirrors are compromised.

Event Timeline

Patrick created this task.Feb 7 2015, 9:03 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: infrastructure, security.
Patrick added subscribers: Patrick, fortasse, HulaHoop and 2 others.
Patrick updated the task description. (Show Details)Feb 7 2015, 9:06 PM
Patrick closed this task as Wontfix.Apr 11 2016, 5:51 PM
Patrick claimed this task.

We are now serving all downloads from over https. Therefore no need to implement this ticket.