[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys

Subject: Re: [tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 14 Apr 2014 21:45:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 14 Apr 2014 17:45:29 -0400
In-reply-to: <045.8b6a4316de749693a8abd87fb84eaf98@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.8b6a4316de749693a8abd87fb84eaf98@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#11464: Implement a client-side blacklist for authority certificate signing keys
-------------------------+-------------------------------------------------
     Reporter:  nickm    |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  major    |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  tor-client 024-backport
Actual Points:           |  023-backport heartbleed
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by nickm):

 Replying to [comment:4 andrea]:
 > I think this looks okay; my reading of
 networkstatus_check_consensus_signature() is that if insufficiently many
 good signatures exist, the client will reject the consensus and not
 function?

 Yes.

 >I presume these have already been rotated and we won't horribly break any
 clients by merging this unless someone tries to use stolen signing keys to
 do something nasty to them?

 We're still waiting on dizum and dannenberg.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11464#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #11464 [Tor]: Implement a blacklist for authority certificate signing keys
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys
Next by Author: Re: [tor-bugs] #8402 [Tor]: Tor should help its transport proxy use a proxy, if needed.
Previous by thread: Re: [tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys
Next by thread: Re: [tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys
Index(es):
- Author
- Thread