[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs

To: undisclosed-recipients: ;
Subject: [tor-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 01 Mar 2019 16:07:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Mar 2019 11:07:27 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29628: Distrust DarkMatter Intermediate CAs
-----------------------+------------------------------------------
 Reporter:  nsuchy     |          Owner:  tbb-team
     Type:  defect     |         Status:  new
 Priority:  Immediate  |      Component:  Applications/Tor Browser
  Version:             |       Severity:  Critical
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
 Reviewer:             |        Sponsor:
-----------------------+------------------------------------------
 Mozilla Firefox's root trust store trusts an intermediate ca for a spying
 firm called DarkMatter. They trust they intermediate ca as it was signed
 by Quovadis.

 This already puts Tor users at risk as they can spy today, however once
 they are a root ca there will be no oversight by Quovadis/Digicert and
 they can misbehave and issue secret certificates to spy on Tor users.

 They have a business interest in spying on HTTPS traffic. Google Chrome
 and Mozilla Firefox are still discussing this. It's in the best interest
 of Tor Users to immediately distrust the intermediate CA.

 Thoughts?

 References:
 https://www.bleepingcomputer.com/news/security/cybersecurity-firm-
 darkmatter-request-to-be-trusted-root-ca-raises-concerns/
 https://protonmail.com/blog/dark-matter-quo-vadis/

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29628>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #29917 [Applications/Tor Browser]: Safest security level breaks reader view buttons
Next by Author: Re: [tor-bugs] #27491 [Core Tor/Tor]: Prefer IPv4 or IPv6 based on the number of failures
Previous by thread: Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser
Next by thread: Re: [tor-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs
Index(es):
- Author
- Thread