[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
#3861: begin signing Windows packages the Windows way
-------------------------------------+-------------------------------------
Reporter: erinn | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
bundles/installation | Keywords: tbb-3.0, tbb-security,
Resolution: | tbb-usability-stoppoint-app,
Actual Points: | tbb-4.5-alpha
Points: | Parent ID:
-------------------------------------+-------------------------------------
Comment (by starlight):
A major benefit of signing binaries is that
TBB can be readily whitelisted in AppLocker
(and presumably other whitelist tools).
Please sign all the .DLLs, .PYDs and .EXEs as
well as the actual release bundle .EXE.
I've been experimenting with strict whitelisting
on a system and just upgraded to 4.5a4. Was
some trouble to add hashes for all the files!
With a set of fully signed binaries, one
only has to add the rule to allow the Tor
Project certificate one time. MS's AppLocker
does not check certificate hashes (I'm not
sure if that's good design or not) so if the
attributes of a renewed certificate stay the
same, a TBB "publisher" rule should continue
to work through cert rollovers.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs