Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files



#13379: Sign our MAR files
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mcs
  mikeperry              |     Status:  closed
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-security,
  Browser                |  TorBrowserTeam201412,TorBrowserTeam201412R
   Resolution:  fixed    |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:55 mcs]:
 > On the one hand, this is good because it means that old browsers can
 > verify the MAR signatures even after the signing key expires.  On the
 > other hand, there does not seem to be a way to revoke a certificate.
 >
 > Do we need to fix this?

 Definitely not in this ticket if at all. Having the certificate only valid
 for a certain amount of time would not help much as the procedure in all
 cases of key exchange (be it due to compromise, be it due to key expiry,
 be it due to a lost private key, ...) would be the same: exchanging the
 key in question with a new one, baking it into Tor Browser and signing the
 MAR files from now on with the new key (too).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:56>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online