[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files

Subject: Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 31 Oct 2014 23:23:06 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 31 Oct 2014 19:23:20 -0400
In-reply-to: <049.3041765ec76a9eb516def5ea0d98ff93@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.3041765ec76a9eb516def5ea0d98ff93@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13379: Sign our MAR files
-----------------------------+--------------------------
     Reporter:  mikeperry    |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-security
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------

Comment (by mcs):

 As it turns out, Mozilla has recently made some progress towards adding
 signature support on all platforms.  Here is their tracking bug:

 https://bugzilla.mozilla.org/show_bug.cgi?id=973933

 Most of the dependent bugs have patches.  One thing that is messy is that
 they want to keep the updater executable as small and standalone as
 possible, so they are doing things like using OS APIs to verify signatures
 (on Windows they use CryptoAPI and on Mac OS they use Apple's Security
 framework).  I think they plan to use NSS on Linux, and we may want to use
 NSS everywhere for trust and auditability reasons.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13379 [Tor Browser]: Sign our MAR files
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #13621 [Tor]: Add example configuation file for relays
Next by Author: Re: [tor-bugs] #12130 [Pluggable transport]: Figure out deployment strategy for obfs4
Previous by thread: Re: [tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Next by thread: Re: [tor-bugs] #9703 [EFF-HTTPS Everywhere]: Break in Bing Images Search
Index(es):
- Author
- Thread