Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files
#13379: Sign our MAR files
---------------------------+-----------------------------------------------
 Reporter: mikeperry       |  Owner: mcs
 Type: defect              |  Status: needs_review
 Priority: major           |  Milestone:
 Component: Tor Browser    |  Version:
 Resolution:               |  Keywords: tbb-security, TorBrowserTeam201411R
 Actual Points:            |  Parent ID:
 Points:                   |
---------------------------+-----------------------------------------------
Comment (by mcs):
Replying to [comment:30 gk]:
> There are some wrinkles here when generating certificates:
>
> 1) We are stuck with SHA1 for the moment which is not optimal to say the
> least. I've opened https://bugzilla.mozilla.org/show_bug.cgi?id=1105689 to
> get that fixed upstream. Not sure how easy it would be to loosen that
> constraint ourselves. Maybe we'd just need to get rid of that check in
> https://mxr.mozilla.org/mozilla-central/source/modules/libmar/verify/mar_verify.c#330.

This seems important to fix before we ship a version of the browser that
verifies MAR signatures. I do not fully understand all of the NSS and
libmar code, but it looks to me like a signature algorithm ID of 1 is
arbitrarily assigned to the only signature algorithm that is supported by
the libmar code, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE. What would be the
best algorithm to use? I guess the signature algorithms that NSS supports
can be seen by reading the sec_DecodeSigAlg() code here:
http://mxr.mozilla.org/mozilla-esr31/source/security/nss/lib/cryptohi/secvfy.c#213
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
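
The comment above notes that libmar assigns signature algorithm ID 1 to SHA1 with RSA. As an added example (not part of the original message and not libmar code), the C function below walks the signature block of a MAR buffer and counts the entries carrying that ID, so an archive can be audited for SHA1-based signatures. The header layout follows the published MAR format as understood here; the function name, the macro names, the 8-signature cap and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (big-endian): "MAR1", u32 index offset, u64 file size,
 * u32 signature count, then per signature: u32 algorithm ID, u32 size,
 * <size> signature bytes. */
#define MAR_SIG_ALG_ID_SHA1_RSA 1u /* the ID discussed in the comment */
#define MAR_EXAMPLE_MAX_SIGS    8u /* cap chosen for this example */

/* Constructed sample: one signature entry, algorithm ID 1, dummy bytes. */
static const uint8_t sample_mar[] = {
    'M', 'A', 'R', '1',  0, 0, 0, 0x20,       /* magic, index offset */
    0, 0, 0, 0, 0, 0, 0, 0x20,                /* file size */
    0, 0, 0, 1,                               /* signature count */
    0, 0, 0, 1,  0, 0, 0, 4,                  /* algorithm ID, size */
    0xde, 0xad, 0xbe, 0xef                    /* placeholder signature */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns how many signatures use algorithm ID 1, or -1 if the buffer is
 * malformed or truncated. *total receives the signature count on success. */
int mar_count_alg1_signatures(const uint8_t *buf, size_t len, uint32_t *total) {
    size_t off = 4 + 4 + 8;            /* skip magic, index offset, file size */
    if (len < off + 4 || memcmp(buf, "MAR1", 4) != 0) return -1;
    uint32_t n = be32(buf + off);
    off += 4;
    if (n > MAR_EXAMPLE_MAX_SIGS) return -1;
    int alg1 = 0;
    for (uint32_t i = 0; i < n; i++) {
        if (len - off < 8) return -1;  /* need algorithm ID and size fields */
        uint32_t alg = be32(buf + off);
        uint32_t size = be32(buf + off + 4);
        off += 8;
        if (size > len - off) return -1; /* signature must fit in the buffer */
        off += size;
        if (alg == MAR_SIG_ALG_ID_SHA1_RSA) alg1++;
    }
    *total = n;
    return alg1;
}
```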