[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #33568 [Applications/Tor Browser]: Namecoin for TLS certificate validation

To: undisclosed-recipients: ;
Subject: [tor-bugs] #33568 [Applications/Tor Browser]: Namecoin for TLS certificate validation
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 09 Mar 2020 08:22:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Mar 2020 04:22:15 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#33568: Namecoin for TLS certificate validation
-------------------------+------------------------------------------
 Reporter:  JeremyRand   |          Owner:  tbb-team
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Component:  Applications/Tor Browser
  Version:               |       Severity:  Normal
 Keywords:  namecoin     |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+------------------------------------------
 Namecoin can provide DANE-style functionality for TLS certificate
 validation.  This would enable validating trust of TLS certificates for
 onion services that have a Namecoin domain (relevant for Whonix-style
 trust models) without relying on public CA's, and would also make it
 harder for MITM attacks against exit traffic to be performed (if Namecoin
 support for exit traffic were added to Tor Browser).

 Firefox does not natively support DANE, but we (the Namecoin devs) have
 identified a way to get DANE-like functionality in Firefox with no code
 patches to Firefox (we're using the PKCS11 "FindObjects" API to achieve
 this).  Some small code patches to Firefox would make the code cleaner,
 but this wouldn't be required.

 I assume this is a lower priority than the existing Namecoin support for
 onion services that's currently in Tor Browser Nightly, but Matt asked me
 to file a ticket for it anyway since it came up in one of the Tor Browser
 IRC meetings.

 (As a side note, Namecoin's approach for getting DANE-like functionality
 in Firefox would probably be equally workable for the .onion TLD, so this
 might also allow things like putting a TLSA record in an onion service
 descriptor, without relying on Namecoin itself at all.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33568>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #23226 [Applications/GetTor]: GetTor help message could be more helpful
Next by Author: Re: [tor-bugs] #22011 [Applications/GetTor]: Implement telegram bot for gettor
Previous by thread: Re: [tor-bugs] #33404 [Applications/Tor Browser]: 'No video with supported format and MIME type found.'
Next by thread: Re: [tor-bugs] #32355 [Applications/Tor Browser]: Tor Browser for Linux/ARMv7 (x86_64 build arch)
Index(es):
- Author
- Thread