[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning

Subject: Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 06 Nov 2015 16:05:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 06 Nov 2015 11:05:44 -0500
In-reply-to: <043.50a0c0f66b8e55d9be7b3e4cd876ed33@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.50a0c0f66b8e55d9be7b3e4cd876ed33@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17442: adjust or remove updater cert pinning
-------------------------+--------------------------
 Reporter:  mcs          |          Owner:  tbb-team
     Type:  defect       |         Status:  assigned
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+--------------------------
Changes (by gk):

 * status:  needs_information => assigned


Comment:

 Yes, we should get rid of that part. FWIW: Mozilla already did the same
 https://bugzilla.mozilla.org/show_bug.cgi?id=1151485 and plans to remove
 the custom checks code in general, now that they have signed MAR files on
 all platforms: https://bugzilla.mozilla.org/show_bug.cgi?id=1182352. It is
 worth noting, too, that there are voices that think pinning (esp. the
 strict mode we enforce) is not the ideal thing for the updater if one has
 already signed MAR files, see e.g.:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1063111#c3.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17442#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17549 [Tor]: tortls.c compile error w/Tor v0.2.8.0-alpha-dev and OpenSSL 1.1.0-dev (git-19e10f95c105a698) against SSL_Dev (was: tortls.c compile error w/Tor v0.2.8.0-alpha-dev (git-19e10f95c105a698) against SSL_Dev)
Next by Author: Re: [tor-bugs] #17465 [Tor Messenger]: Unable to connect to bip IRC proxy
Previous by thread: Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
Next by thread: Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
Index(es):
- Author
- Thread