[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list



#3368: Add *.torproject.org to Chrome STS list
----------------------------+-----------------------------------------------
    Reporter:  cypherpunks  |       Owner:  phobos  
        Type:  enhancement  |      Status:  accepted
    Priority:  normal       |   Milestone:          
   Component:  Website      |     Version:          
  Resolution:               |    Keywords:          
      Parent:               |      Points:          
Actualpoints:               |  
----------------------------+-----------------------------------------------

Comment(by phobos):

 Replying to [comment:4 phobos]:
 > If the user has never visited *.torproject.org, doing so over https
 isn't going to stop an ssl mitm.  Correct?

 Thinking further about this, it's the same problem I have with our https
 everywhere firefox extension, unless you include the ssl fingerprints and
 serial numbers, how does the user know that the cert that is presented is
 the correct cert?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3368#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs