[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?

To: tails-dev@xxxxxxxx, tor-talk@xxxxxxxxxxxxxxxxxxxx, mixmaster@xxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] [Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?
From: intrigeri <intrigeri@xxxxxxxx>
Date: Fri, 18 Oct 2013 14:49:37 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 18 Oct 2013 08:56:10 -0400
In-reply-to: <a9fcfe9addffcc045087843de9ffd00f@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <a9fcfe9addffcc045087843de9ffd00f@xxxxxxxxxxxxxxxxxxx>
References: <0662e4e7722418c604345059e49c148d.squirrel@xxxxxxxxxxxxxxxxxxxxxx> <a9fcfe9addffcc045087843de9ffd00f@xxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

Anonymous Remailer (austria) wrote (17 Oct 2013 17:58:39 GMT) :
> I have a question:

@OP: first, it seems you have cross-posted this to at least tor-talk,
tails-dev and Full-Disclosure, without making it clear with an
explicit Cc:. This will painfully lead to various unlinked discussions
and will be a mess for us to address this question. So, please don't
do that next time, thanks in advance :)

I'm setting I-R-T and References headers to at least avoid breaking
the thread on tor-talk and tails-dev.

> Tor Browser Bundle - Firefox ESR 17.0.9 (LATEST TOR)
> Compared to: Iceweasel 17.0.9 (LATEST TAILS Linux distribution)

> To be found in Tails (not found in TBB), some additional certificates:

Thanks for carefully auditing this aspect of Tails.

> DigiCert Inc -> DigiCert High Assurance EV CA-1
> DigiCert Inc -> DigiCert High Assurance CA3
> GeoTrust Inc. -> Google Internet Authority G2
> StartCom Ltd. -> StartCom Class 2 Primary Intermediate Server CA
> The Go Daddy Group, Inc -> Go Daddy Secure Certification Authority
> The USERTRUST Network -> Gandi Standard SSL CA
>
> All these are listed as "Software Security Device" certificaties.
> The others are "Builtin Object Token" and baked in the browser.

Tails ships NSS 2:3.14.3-1~bpo60+1 from Debian squeeze-backports.

If you are interested in investigating this any further, next step is
to compare with the version of NSS that is shipped by (or linked into,
or something) the TBB.

> Question is: did TAILS added some extra CA's ?

No, we don't add any CA to Tails.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] New Onions
Next by Author: [tor-talk] Freenet and hidden services
Previous by thread: Re: [tor-talk] Tortilla
Next by thread: [tor-talk] Fwd: Can You Trust NIST?
Index(es):
- Author
- Thread