Re: [tor-bugs] #31988 [Applications/Tor Browser]: Generate a mar signing key for nightly builds
#31988: Generate a mar signing key for nightly builds
-------------------------------------------------+-------------------------
Reporter: boklm | Owner: boklm
Type: defect | Status: needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-rbm, boklm201910, tbb-update, TorBrowserTeam202001R | Actual Points: 1
Parent ID: #18867 | Points: 1
Reviewer: mcs | Sponsor:
-------------------------------------------------+-------------------------
Comment (by boklm):
Replying to [comment:9 mcs]:
> The script looks good. Do we expect to use this script manually or via
> automation? If we only plan to use it manually, it seems like we should
> avoid using `--empty-password`. Of course if we do not use that option
> then there will be another password for us to track.

I have been thinking about adding a password to the key, but then realized
that we will be using this key to automatically sign new nightly builds, so
the signing script will need to know the password and we would need to
store the password in a file along with the key. This means that if an
attacker is able to steal the key, they will also likely be able to steal
the password with it. So it seems to me that having a password does not
provide any additional protection, and not having one makes things a little
simpler.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31988#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online