[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8957 [EFF-HTTPS Everywhere]: The SSL Observatory client should listen for and submit invalid certs

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8957 [EFF-HTTPS Everywhere]: The SSL Observatory client should listen for and submit invalid certs
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 24 May 2013 17:26:30 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 24 May 2013 13:26:44 -0400
In-reply-to: <043.c034cd9856310204bb1d3937b67dd51f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.c034cd9856310204bb1d3937b67dd51f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8957: The SSL Observatory client should listen for and submit invalid certs
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  pde
     Type:  enhancement           |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------

Comment(by pde):

 <keeler> I should mention we're trying to deprecate nsIBadCertListener2 -
 you should be able to do what it does by opening a connection and
 receiving events on its channel
 <keeler> I've done a similar thing in test_ocsp_stapling.js in
 https://bugzilla.mozilla.org/page.cgi?id=splinter.html&bug=700693&attachment=747679
 <pde> keeler: by "opening a connection" to you mean making a ghost https
 request for every https domain the browser connects to?
 <pde> s/to/do
 <pde> ?
 <keeler> oh, no - that would be a bit of a bummer. I just meant for an
 individual request
 <keeler> I guess nsIBadCertListener2 is the only way to do it wholesale
 <pde> keeler: is there a bug we can watch for the future of
 nsIBadCertListener2?
 <keeler> pde: hmmm - maybe I was wrong about that. We removed some
 unnecessary implementations of it in bug 750421, but I don't think there's
 a bug on removing the interface entirely yet
 <firebot> Bug https://bugzilla.mozilla.org/show_bug.cgi?id=750421 enh, --,
 mozilla22, bsmith, RESO FIXED, Remove unnecessary nsIBadCertListener2 and
 nsISSLErrorListener implementations
 <bsmith> keeler pde: which interface?
 <keeler> nsIBadCertListener2
 <bsmith> keeler pde: it is possible to get the effect of
 nsIBadCertListener2 using other callbacks.
 <keeler> bsmith: for all connections?
 <bsmith> keeler: I think you can use nsIWebProgressListener and similar,
 in all contexts that oyu can use nsIBadCertListener2
 <keeler> oh yeah

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8957#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #8957 [EFF-HTTPS Everywhere]: The SSL Observatory client should listen for and submit invalid certs
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #8789 [Tor]: "err" target in connection_listener_new() should close socket s
Next by Author: Re: [tor-bugs] #4282 [Tor]: Extract common "make private stats dir" code from rephist.c, geoip.c
Previous by thread: [tor-bugs] #8957 [EFF-HTTPS Everywhere]: The SSL Observatory client should listen for and submit invalid certs
Next by thread: [tor-bugs] #8958 [EFF-HTTPS Everywhere]: Let <rule> elements specify an altenative hostname that should be accepted in a cert
Index(es):
- Author
- Thread