[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #15532 [Applications/Tor Browser]: Tor Browser 4.5 displays signature validation error during update
#15532: Tor Browser 4.5 displays signature validation error during update
-----------------------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-firefox-patch, ff38-esr | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------+--------------------------
Comment (by gk):
As I said on IRC you don't want to have just one key baked in. Think about
losing the key/having it compromised. How are you updating your users? You
can't sign the MAR files with the new key you are about to bake in. Even
if that would still work (because you just want to rotate to a new key)
every user would need to update to that particular version. Let's assume
you need to get a chemspill release out the week afterwards if you used
your new key to sign the MAR files a considerable amount of users will
have a broken update experience as they won't have updated to the version
with the new signing keys baked in yet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15532#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs