
Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way



#3861: begin signing Windows packages the Windows way
-------------------------------------+-------------------------------------
     Reporter:  erinn                |      Owner:  erinn
         Type:  enhancement          |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Tor                  |    Version:
  bundles/installation               |   Keywords:  tbb-3.0, tbb-security,
   Resolution:                       |  tbb-usability-stoppoint-app,
Actual Points:                       |  tbb-4.5-alpha
       Points:                       |  Parent ID:
-------------------------------------+-------------------------------------

Comment (by starlight):

 A major benefit of signing binaries is that
 TBB can be readily whitelisted in AppLocker
 (and presumably other whitelist tools).
 Please sign all the .DLLs, .PYDs and .EXEs as
 well as the actual release bundle .EXE.

 I've been experimenting with strict whitelisting
 on a system and just upgraded to 4.5a4.  Was
 some trouble to add hashes for all the files!

 With a set of fully signed binaries, one
 only has to add the rule to allow the Tor
 Project certificate one time.  MS's AppLocker
 does not check certificate hashes (I'm not
 sure if that's good design or not) so if the
 attributes of a renewed certificate stay the
 same, a TBB "publisher" rule should continue
 to work through cert rollovers.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
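
The whitelisting workflow the comment describes, as an added example (not part of the ticket or of any Tor Project tooling): it audits which binaries in an extracted bundle carry a valid Authenticode signature, then generates an AppLocker policy that uses publisher rules where a signature exists and falls back to per-file hash rules otherwise. The directory in `$BundleDir` and the output file name are assumptions.

```powershell
# Assumption: hypothetical location of the extracted bundle.
$BundleDir = 'C:\Tools\Tor Browser'
$PolicyFile = Join-Path $env:TEMP 'tbb-applocker.xml'   # hypothetical output name

# 1. Audit signature coverage for the file types named in the comment.
$sigs = Get-ChildItem -Path $BundleDir -Recurse -File -Include *.exe, *.dll, *.pyd |
    ForEach-Object { Get-AuthenticodeSignature -LiteralPath $_.FullName }

# Count of files per signature status (Valid, NotSigned, HashMismatch, ...).
$sigs | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# Distinct signer subjects among validly signed files: each one is a
# publisher that a single rule can cover.
$sigs | Where-Object { $_.Status -eq 'Valid' } |
    Group-Object { $_.SignerCertificate.Subject } |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Build the policy. With "-RuleType Publisher, Hash", signed files get a
#    publisher rule and unsigned files fall back to a hash rule;
#    -Optimize merges similar rules.
$policyXml = Get-AppLockerFileInformation -Directory $BundleDir -Recurse -FileType Exe, Dll |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml
$policyXml | Out-File -FilePath $PolicyFile -Encoding utf8

# 3. Compare rule counts. Every hash rule has to be regenerated after each
#    bundle upgrade; publisher rules do not.
$doc = [xml]$policyXml
[pscustomobject]@{
    PublisherRules = $doc.SelectNodes('//FilePublisherRule').Count
    HashRules      = $doc.SelectNodes('//FileHashRule').Count
}

# 4. Dry run: evaluate the generated policy against the bundle's executables
#    without applying it to the machine.
Get-ChildItem -Path $BundleDir -Recurse -File -Include *.exe |
    ForEach-Object { $_.FullName } |
    Test-AppLockerPolicy -XmlPolicy $PolicyFile -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

On a bundle where only the installer is signed, step 3 shows almost all rules as hash rules, which is the maintenance burden the comment reports.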