[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files



#13379: Sign our MAR files
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mcs
  mikeperry              |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-security, TorBrowserTeam201411R
  Browser                |  Parent ID:
   Resolution:           |
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 It seems fine to me if we want to hold off until 4.5-alpha-3 for this for
 stability and logistical reasons (key management, release delay), but that
 said I think a SHA1-based sig is still better than no sig.

 Still, to pick from the ones listed in secvfy.c, probably either:
 SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE or
 SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:32>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs