Re: [tor-bugs] #11955 [Tor Browser]: Backport Certificate Pinning to FF31ESR
#11955: Backport Certificate Pinning to FF31ESR
-------------------------+-------------------------------------------------
     Reporter: mikeperry    |     Owner: arthuredelstein
         Type: enhancement  |    Status: assigned
     Priority: major        | Milestone:
    Component: Tor Browser  |   Version:
   Resolution:              |  Keywords: TorBrowserTeam201409, ff31-esr,
Actual Points:              |            tbb-firefox-patch
       Points:              | Parent ID:
-------------------------+-------------------------------------------------
Comment (by mikeperry):

Sitting with Camilo right now. The "Pin all the things" bug is just about
updating the json list with new sites. For now, we should just focus on
getting this to work for our updater and addons.mozilla.org, and can add a
couple sites later.

In terms of actual patches, we want:
https://bugzilla.mozilla.org/show_bug.cgi?id=744204
https://bugzilla.mozilla.org/show_bug.cgi?id=772756
https://bugzilla.mozilla.org/show_bug.cgi?id=1002696
https://bugzilla.mozilla.org/show_bug.cgi?id=1009635

There was a regression that should be fixed in the patch set for 772756
that broke the addons pane. We should verify our backport doesn't suffer
from it either (note this ticket was "fixed" by backing out all pinning!
we don't want to do that, but want the patch from 772756 instead):
https://bugzilla.mozilla.org/show_bug.cgi?id=1005364

From the "pin all the things" ticket, the following might be useful to
test the waters if we are feeling good about addons and the updater:
https://bugzilla.mozilla.org/show_bug.cgi?id=1004353 (Tor)
https://bugzilla.mozilla.org/show_bug.cgi?id=1004351 (Twitter)
https://bugzilla.mozilla.org/show_bug.cgi?id=1004352 (Google)
https://bugzilla.mozilla.org/show_bug.cgi?id=1027133 (*.twitter.com)

After that, there is an updater script for keeping pins up to date. The
instructions are at the top of this file:
https://mxr.mozilla.org/mozilla-central/source/security/manager/tools/genHPKPStaticPins.js

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11955#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online