[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files

Subject: Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 18 Dec 2014 15:19:47 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 18 Dec 2014 10:19:55 -0500
In-reply-to: <049.3041765ec76a9eb516def5ea0d98ff93@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.3041765ec76a9eb516def5ea0d98ff93@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13379: Sign our MAR files
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mcs
  mikeperry              |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-security,
  Browser                |  TorBrowserTeam201412,TorBrowserTeam201412R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mcs):

 Replying to [comment:54 gk]:
 > Okay, pushed. One final thing: Given that Mozilla's certificates were
 only valid in a three month period several years ago it seems the related
 cert attributes are not checked during signature verification and our
 certificates are essentially never invalid, right?

 Yes.  I am sorry we forgot to mention this sooner.  Looking at the code in
 libmar, the public key is extracted from the cert data (that is compiled
 into the updater) via a couple of NSS calls:
 CERT_NewTempCertificate() and CERT_ExtractPublicKey().  I don't think
 those calls to do cert validity checks, and I don't think the signature
 verifications calls do either, e.g., NSS_VerifySignature().

 On the one hand, this is good because it means that old browsers can
 verify the MAR signatures even after the signing key expires.  On the
 other hand, there does not seem to be a way to revoke a certificate.

 Do we need to fix this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:55>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #13987 [Tor]: Apply laplace noise to other statistics
Next by Author: [tor-bugs] #13988 [Tor]: Report bandwidth usage aggregated over a longer period
Previous by thread: Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Next by thread: Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Index(es):
- Author
- Thread