[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
#17442: adjust or remove updater cert pinning
-----------------------------------+-----------------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201512R | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+-----------------------------------
Comment (by gk):
I think this is important enough for warranting s test which makes sure we
really get the pinning we want. This can probably happen in a follow-up
ticket or here if you think. Did you specifically look at what
`security.cert_pinning.enforcement_level` set to `2` does and that this
does not have holes which can bypass pinning? That was the other things
that held me back from closing this ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17442#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs