[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20180 [Internal Services/Tor Sysadmin Team]: Pin certificates for aus1.tpo and cdn.tpo
#20180: Pin certificates for aus1.tpo and cdn.tpo
-------------------------------------------------+---------------------
Reporter: gk | Owner: tpa
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #19481 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+---------------------
Comment (by gk):
Quoting yawning's comment:7:ticket:19481
{{{
This shouldn't be done at all till it's possible to pin the cert chain
for aus1.tpo over a prolonged period of time (not the rather short 3
months imposed by the Let's Encrypt cert lifespan).
WHile the scope of potential problems from not doing so should be limited
to adversaries withholding updates (since the MARs are signed), that feels
suboptimal.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20180#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs