[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning

Subject: Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 07 Nov 2015 03:58:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 06 Nov 2015 22:58:34 -0500
In-reply-to: <043.50a0c0f66b8e55d9be7b3e4cd876ed33@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.50a0c0f66b8e55d9be7b3e4cd876ed33@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17442: adjust or remove updater cert pinning
-------------------------+--------------------------
 Reporter:  mcs          |          Owner:  tbb-team
     Type:  defect       |         Status:  assigned
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+--------------------------

Comment (by mikeperry):

 It does sound like this update-specific pin is redundant to (and weaker
 than) the HPKP pins. However, I very much disagree with
 https://bugzilla.mozilla.org/show_bug.cgi?id=1063111#c3. We should keep an
 eye on that and make sure that the HPKP pins always apply to the updater,
 as we do not have the problem of needing to support corporate or OEM-
 installed MITMs (*cough* Lenovo Superfish *cough*).

 For us, continuing to enforce HPKP for the updater ensures that the
 adversary must compromise both the current MAR signing key *and* the
 webserver cert in order to give users bad updates. This is a much better
 position for us to be in than having there be a single point of security
 failure for compromising users during update.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17442#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16476 [Tor Messenger]: Tor Messenger Themes Preference is positioned incorrectly on OS X
Next by Author: Re: [tor-bugs] #17446 [Tor Browser]: Canvas image extraction prompt logic
Previous by thread: Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
Next by thread: Re: [tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
Index(es):
- Author
- Thread