[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14269 [Tor Browser]: Imported certificate works only when "don't record browsing history" is unchecked



#14269: Imported certificate works only when "don't record browsing history" is
unchecked
---------------------------------+------------------------------
     Reporter:  tbb403bugreport  |      Owner:  tbb-team
         Type:  defect           |     Status:  new
     Priority:  major            |  Milestone:
    Component:  Tor Browser      |    Version:  Tor: 0.2.5.10
   Resolution:                   |   Keywords:  TBB, certificate
Actual Points:                   |  Parent ID:
       Points:                   |
---------------------------------+------------------------------

Comment (by cypherpunks):

 Replying to [comment:2 isis]:
 > I would tentatively argue that this behaviour is a feature, not a bug.

 I disagree. While attackers like HT (or Lenovo...) can and do install
 malicious certs, average users also legitimately need to install their own
 sometimes and breaking this functionality don't do much but slow down the
 kind of attackers who are in a position to do this.

 Also in the case of that email, they were actually trying to install certs
 to *use* tor (to access the HT portal), not to attack tor (according to
 https://firstlook.org/theintercept/2015/07/16/hackingteam-attacked-tor-
 browser/ - i haven't read all the related emails).

 I, for one, would very much like to install the CAcert cert in my tor
 browser! I haven't tried with 4.5 yet but I've been unable to install
 certs the last times I've tried (probably circa tbb 4.0).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14269#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs