[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14269 [Tor Browser]: Imported certificate works only when "don't record browsing history" is unchecked

Subject: Re: [tor-bugs] #14269 [Tor Browser]: Imported certificate works only when "don't record browsing history" is unchecked
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 16 Jul 2015 15:24:09 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 16 Jul 2015 11:24:17 -0400
In-reply-to: <055.d59065ceec0ed789dcfc061bf557ed12@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <055.d59065ceec0ed789dcfc061bf557ed12@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#14269: Imported certificate works only when "don't record browsing history" is
unchecked
---------------------------------+------------------------------
     Reporter:  tbb403bugreport  |      Owner:  tbb-team
         Type:  defect           |     Status:  new
     Priority:  major            |  Milestone:
    Component:  Tor Browser      |    Version:  Tor: 0.2.5.10
   Resolution:                   |   Keywords:  TBB, certificate
Actual Points:                   |  Parent ID:
       Points:                   |
---------------------------------+------------------------------

Comment (by cypherpunks):

 Replying to [comment:2 isis]:
 > I would tentatively argue that this behaviour is a feature, not a bug.

 I disagree. While attackers like HT (or Lenovo...) can and do install
 malicious certs, average users also legitimately need to install their own
 sometimes and breaking this functionality don't do much but slow down the
 kind of attackers who are in a position to do this.

 Also in the case of that email, they were actually trying to install certs
 to *use* tor (to access the HT portal), not to attack tor (according to
 https://firstlook.org/theintercept/2015/07/16/hackingteam-attacked-tor-
 browser/ - i haven't read all the related emails).

 I, for one, would very much like to install the CAcert cert in my tor
 browser! I haven't tried with 4.5 yet but I've been unable to install
 certs the last times I've tried (probably circa tbb 4.0).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14269#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16255 [Tor]: Guardfraction on dirauths screws up bandwidth weights
Next by Author: Re: [tor-bugs] #16506 [Tor]: Review current test coverage and implement test for modules when necessary
Previous by thread: Re: [tor-bugs] #14269 [Tor Browser]: Imported certificate works only when "don't record browsing history" is unchecked
Next by thread: [tor-bugs] #16549 [- Select a component]: How Male Enhancement Pills Work?
Index(es):
- Author
- Thread