Re: [tor-bugs] #4234 [Tor Browser]: Investigate the Firefox update process
#4234: Investigate the Firefox update process
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by gk):
Finally, I got the update process modified in a way that it updated my
JonDoBrowser prototype. Thus, this is working and not so difficult. The
patches are mostly in JS and not many as far as I can see.
There are some nice features one gets: first, you can ship partial updates
as well, second, there is a kind of certificate pinning functionality
built-in (I have not tested it yet) where you can advise that TBB should
only accept built-in (i.e. TorProject) certs, third, I think there is some
mitigation against downgrade attacks as well (at least it could,
depending on how you create your update.xml).
Thus, the most important question to me seems to be whether you really
want to have it or would be more happy with Thandy (even if that lasts
longer to get ready). The current work was something I did in my spare
time and alas it won't be high prio in the near future (i.e. remain spare-
time work). Nevertheless, I would help you here if you want to get that
implemented for TBB.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4234#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online