[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Torbutton: 'Disable Updates During Tor' - Option
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
>> I concluded that the addon process is insecure because the versioncheck
>> happens over HTTPS but the actual download of the new xpi file is over http.
>> This simple conclusion is wrong if one doesn't check the entire update
>> mechanism.
>> To download something over an insecure channel is fine as long as you
>> can check the file for modifications after the download.
>
> Authentication is done now.
Thanks for confirming this.
>> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=653830#c4
>>
>> http://kb.mozillazine.org/Software_Update
>
> This is extremely interesting. Seems to indicate that to preserve the
> same level of update security that Mozilla provides,
yes, the certificate is hardcoded - I tried an addon update doing a MITM
with my own root CA (manually installed)
result: update refused (good!)
> we should be
> hardcoding certificates for both the HTTPS-Everywhere and torbutton
> update urls, as they do not go through versioncheck (anymore)..
hardcoding your *.tpo wildcard cert will also make other services safer
(check.tpo, www.tpo), but it will require new releases when the cert
expires.
-----BEGIN PGP SIGNATURE-----
iF4EAREKAAYFAk4XWXUACgkQyM26BSNOM7ZtWQD7BaSlwl/1TGWQEoTFTLpEevEr
L4/JcnMMKkAJroUB0qIBAIVpFM1RLnUN07a6DUzkx0F1dCXen/lT8A0yLbpYLcca
=NwiA
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk