Re: [tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB
#3555: Pin *.torproject.org's certs in TBB
-----------------------------+-------------------------------
Reporter: tagnaq | Owner: cyperpunks
Type: enhancement | Status: assigned
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-firefox-patch
Actual Points: | Parent ID:
Points: |
-----------------------------+-------------------------------
Comment (by arma):

Replying to [comment:25 vynX]:
> If the torproject.org sites were available as hidden services then the
> self-authenticating feature of public-key addresses would obsolete the
> need to pin any certificates.

I like where you're trying to go with this, but it is alas wrong. It
assumes that somehow everybody knows the right onion names for each
service. And then we're back to a very similar problem.

But more generally, it is not useful to get into a discussion here about
what security properties onion services get. The previous comments here
make this look like we should close as a wont-fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online