[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys



#11464: Implement a client-side blacklist for authority certificate signing keys
-------------------------+-------------------------------------------------
     Reporter:  nickm    |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  major    |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  tor-client 024-backport
Actual Points:           |  023-backport heartbleed
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by nickm):

 Replying to [comment:4 andrea]:
 > I think this looks okay; my reading of
 networkstatus_check_consensus_signature() is that if insufficiently many
 good signatures exist, the client will reject the consensus and not
 function?

 Yes.

 >I presume these have already been rotated and we won't horribly break any
 clients by merging this unless someone tries to use stolen signing keys to
 do something nasty to them?

 We're still waiting on dizum and dannenberg.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11464#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs