[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org

Subject: Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 01 Oct 2013 23:09:22 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Oct 2013 19:09:33 -0400
In-reply-to: <048.6ea22bfe2b5a5c6d74c9a0df67e2cdd1@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.6ea22bfe2b5a5c6d74c9a0df67e2cdd1@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9769: Move HTTPS Everywhere back to addons.mozilla.org
--------------------------------------+----------------------
     Reporter:  micahlee              |      Owner:  micahlee
         Type:  project               |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+----------------------

Comment (by mikeperry):

 With respect to the third point from the description: Mozilla does not
 sign updates. It also turns out that cert pinning is still not implemented
 for addons.mozilla.org, so anyone with any compromised CA cert will be
 able to feed addon updates that trojan/subvert/replace HTTPS-Everywhere.
 According to Camilo, A.M.O. pinning won't land until at least Q1 2014.

 I am not sure if it is possible to use a custom addon update key with
 A.M.O. Probably not by default, since it would require that your addon
 have its own update.rdf URL still on EFF's servers (and signed with your
 key). This is forbidden by the A.M.O. upload process, but maybe you can
 get them to craft an exemption for you.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9769#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #9868 [EFF-HTTPS Everywhere]: Stop bundling rulesets with extension, download separately instead (like ABP)
Next by Author: Re: [tor-bugs] #9842 [Tor]: dnsport listener using tcp and not udp
Previous by thread: Re: [tor-bugs] #9868 [EFF-HTTPS Everywhere]: Stop bundling rulesets with extension, download separately instead (like ABP)
Next by thread: Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org
Index(es):
- Author
- Thread