
Re: [tor-talk] Torbutton: 'Disable Updates During Tor' - Option




>> I concluded that the addon process is insecure because the versioncheck
>> happens over HTTPS but the actual download of the new xpi file is over http.
>> This simple conclusion is wrong if one doesn't check the entire update
>> mechanism.
>> To download something over an insecure channel is fine as long as you
>> can check the file for modifications after the download.
> 
> Authentication is done now. 

Thanks for confirming this.

>> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=653830#c4
>>
>> http://kb.mozillazine.org/Software_Update
> 
> This is extremely interesting. Seems to indicate that to preserve the
> same level of update security that Mozilla provides, 

Yes, the certificate is hardcoded - I tried an addon update while doing a MITM
with my own root CA (manually installed).
Result: update refused (good!)

> we should be
> hardcoding certificates for both the HTTPS-Everywhere and torbutton
> update urls, as they do not go through versioncheck (anymore)..

Hardcoding your *.tpo wildcard cert will also make other services safer
(check.tpo, www.tpo), but it will require new releases when the cert
expires.
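The check discussed in this message (a download over plain HTTP is acceptable only if the file is verified against a value obtained over the authenticated version check), as an added example that is not code from the thread, Mozilla or the Tor Project. The field names `update_link` and `update_hash`, the `verify_update` helper and the sample package are assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Digests accepted for update verification; weaker ones (md5, sha1) are refused.
ALLOWED_DIGESTS = {"sha256", "sha512"}


class UpdateRejected(Exception):
    """Raised when a downloaded update must not be installed."""


def verify_update(entry: dict, payload: bytes) -> str:
    """Check a downloaded package against the entry from the authenticated version check.

    `entry` uses hypothetical field names: "update_link" and "update_hash"
    ("<algorithm>:<hex digest>"). Returns the algorithm that verified the payload.
    """
    scheme = urlsplit(entry.get("update_link", "")).scheme.lower()
    if scheme not in ("http", "https"):
        raise UpdateRejected("unsupported download scheme")

    declared = entry.get("update_hash")
    if not declared:
        # Without a hash, integrity rests on the download channel alone.
        if scheme == "http":
            raise UpdateRejected("plain-HTTP download without a hash")
        return "tls-only"

    algorithm, sep, expected_hex = declared.partition(":")
    algorithm = algorithm.lower()
    if not sep or algorithm not in ALLOWED_DIGESTS:
        raise UpdateRejected("missing or weak digest algorithm")

    actual_hex = hashlib.new(algorithm, payload).hexdigest()
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual_hex, expected_hex.strip().lower()):
        raise UpdateRejected("digest mismatch: file modified in transit")
    return algorithm


# Constructed sample: a package and the entry a version check would return for it.
PACKAGE = b"constructed xpi bytes"
ENTRY = {
    "update_link": "http://updates.example/addon.xpi",
    "update_hash": "sha256:" + hashlib.sha256(PACKAGE).hexdigest(),
}

if __name__ == "__main__":
    print(verify_update(ENTRY, PACKAGE))
```

The hash only protects the download if the entry carrying it arrived over an authenticated channel, which is why the certificate check on the version-check connection matters.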