[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 09 Jun 2011 15:01:42 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 09 Jun 2011 11:01:54 -0400
In-reply-to: <051.24e6bc95d8b79b69cef1db04f634a5c7@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.24e6bc95d8b79b69cef1db04f634a5c7@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3368: Add *.torproject.org to Chrome STS list
----------------------------+-----------------------------------------------
    Reporter:  cypherpunks  |       Owner:  phobos  
        Type:  enhancement  |      Status:  accepted
    Priority:  normal       |   Milestone:          
   Component:  Website      |     Version:          
  Resolution:               |    Keywords:          
      Parent:               |      Points:          
Actualpoints:               |  
----------------------------+-----------------------------------------------

Comment(by phobos):

 Replying to [comment:4 phobos]:
 > If the user has never visited *.torproject.org, doing so over https
 isn't going to stop an ssl mitm.  Correct?

 Thinking further about this, it's the same problem I have with our https
 everywhere firefox extension, unless you include the ssl fingerprints and
 serial numbers, how does the user know that the cert that is presented is
 the correct cert?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3368#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #3368 [- Select a component]: Add *.torproject.org to Chrome STS list
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list
Next by Author: Re: [tor-bugs] #1598 [Tor Check]: Others have suggested we turn this into a Tor portal.
Previous by thread: Re: [tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list
Next by thread: Re: [tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list
Index(es):
- Author
- Thread