[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB

Subject: Re: [tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 15 May 2015 20:51:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 15 May 2015 16:51:25 -0400
In-reply-to: <046.c2ea710aee20fc4b7602ccfbf995f897@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.c2ea710aee20fc4b7602ccfbf995f897@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#3555: Pin *.torproject.org's certs in TBB
-----------------------------+-------------------------------
     Reporter:  tagnaq       |      Owner:  cyperpunks
         Type:  enhancement  |     Status:  assigned
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-firefox-patch
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------------------

Comment (by arma):

 Replying to [comment:25 vynX]:
 > If the torproject.org sites were available as hidden services then the
 self-authenticating feature of public-key addresses would obsolete the
 need to pin any certificates.

 I like where you're trying to go with this, but it is alas wrong. It
 assumes that somehow everybody knows the right onion names for each
 service. And then we're back to a very similar problem.

 But more generally, it is not useful to get into a discussion here about
 what security properties onion services get. The previous comments here
 make this look like we should close as a wont-fix.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB
Next by Author: [tor-bugs] #16046 [Tor Browser]: Manual HTTP proxy configuration broken?
Previous by thread: Re: [tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB
Next by thread: Re: [tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB
Index(es):
- Author
- Thread