Re: [tor-bugs] #32498 [Applications/Tor Browser]: Consider updating MAR_CHANNEL_ID for nightly build (and maybe alpha too)
#32498: Consider updating MAR_CHANNEL_ID for nightly build (and maybe alpha too)
-------------------------------------------------+-------------------------
Reporter: boklm | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-rbm, boklm201911, tbb-update, TorBrowserTeam201911 | Actual Points:
Parent ID: #18867 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by boklm):

Replying to [comment:1 mcs]:
> Using different MAR channel IDs would prevent the updater from accepting
> a mar file from a different channel (probably better from a security point
> of view). If I remember correctly, doing so would also prevent use of MAR
> tools such as `signmar` across releases. That would probably be OK, but
> might lead to some confusion for developers.

Preventing an attacker from being able to switch stable users to alpha
seems useful. Although that does not seem to be a major threat, so it is
probably not urgent to do it.

Looking at `modules/libmar/tool/mar.c`, I see that some of the commands
have a `-H MARChannelID` option (for example the one to create a MAR
file), but it seems the signing one does not have that option. We normally
use the martools from the corresponding version when generating mar and
incremental mars, so this should not be an issue.

>
> If we do switch the MAR channel for our alpha series we need to think
> about how to make the transition. I believe that such a transition will
> require a "watershed" update, but I have not spent a lot of time thinking
> about it.

As there is no urgency to do the switch, maybe we could have an
`ACCEPTED_MAR_CHANNEL_IDS` containing both channels for something like 9
months, before doing the switch without a watershed update (or taking
advantage of the watershed update to the next ESR if one is needed). This
would break update for alpha users who did not update in a few months, but
maybe there are not so many users of 9-month-old alpha versions.

For the nightly, switching channels is already prevented by using
different signing keys, but since there is no transition needed, maybe we
can use a separate channel ID from the beginning.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32498#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
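
An added illustration (not part of the ticket or of Tor Browser's code) of the transition proposed in the comment above, modeling only the channel-ID check and not signature verification. The channel IDs, release names and the `[Settings]` layout of `update-settings.ini` are assumptions of this example.

```python
import configparser

# Constructed placeholder channel IDs; the real values are not given in the thread.
RELEASE_ID, ALPHA_ID = "example-release", "example-alpha"

def ini(*ids):
    """Build update-settings.ini text (assumed [Settings] layout)."""
    return "[Settings]\nACCEPTED_MAR_CHANNEL_IDS=" + ",".join(ids) + "\n"

def accepted_ids(ini_text):
    """Parse the comma-separated ACCEPTED_MAR_CHANNEL_IDS list."""
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep the key's upper case
    cp.read_string(ini_text)
    raw = cp.get("Settings", "ACCEPTED_MAR_CHANNEL_IDS", fallback="")
    return {i.strip() for i in raw.split(",") if i.strip()}

def accepts(ini_text, mar_channel_id):
    """Model of the channel check only; an empty list rejects here (this example's choice)."""
    return mar_channel_id in accepted_ids(ini_text)

def apply_updates(installed_ini, mars):
    """Offer MARs in order; each is (name, channel ID in the MAR, ini it installs).
    Returns the names applied, stopping at the first rejected MAR."""
    applied = []
    for name, channel_id, new_ini in mars:
        if not accepts(installed_ini, channel_id):
            break
        applied.append(name)
        installed_ini = new_ini
    return applied

STABLE = ini(RELEASE_ID)
ALPHA_OLD = ini(RELEASE_ID)  # before the transition: same ID as stable
# Constructed alpha release sequence for the plan in the comment.
A_WINDOW = ("alpha-window", RELEASE_ID, ini(RELEASE_ID, ALPHA_ID))  # accepts both IDs
A_SWITCH = ("alpha-switched", ALPHA_ID, ini(ALPHA_ID))              # new ID only

if __name__ == "__main__":
    print(apply_updates(ALPHA_OLD, [A_WINDOW, A_SWITCH]))  # updated during the window
    print(apply_updates(ALPHA_OLD, [A_SWITCH]))            # skipped the window
    print(apply_updates(STABLE, [A_SWITCH]))               # stable offered a switched alpha MAR
    print(apply_updates(STABLE, [A_WINDOW]))               # stable offered a window-era alpha MAR
```

In this model, a stable build still passes the channel check for alpha MARs created during the window, because those MARs carry the shared ID; the separation takes effect only once MARs are created with the new ID.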