[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list
#3368: Add *.torproject.org to Chrome STS list
----------------------------+-----------------------------------------------
Reporter: cypherpunks | Owner: phobos
Type: enhancement | Status: accepted
Priority: normal | Milestone:
Component: Website | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
----------------------------+-----------------------------------------------
Comment(by cypherpunks):
It will stop anyone who tries to do an sslstrip attack and that is the
purpose. Anyone with a valid CA will be able to perform a MITM and in the
future, Chrome will have DNS binding that allows you to say _which_ CA
will be able to sign for your domain. So in the very near future, this
will actually prevent most MITM attacks and right away it will prevent
downgrade attacks.
If the user has torproject.org in the list, the website will simply break
and hopefully they will email us. That seems like a fine failure mode and
we can't really help them unless they do contact us.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3368#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs