[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #17425 [GetTor]: Improve GetTor Signature Section



#17425: Improve GetTor Signature Section
-------------------------+-------------------
     Reporter:  sukhbir  |      Owner:  ilv
         Type:  defect   |     Status:  new
     Priority:  Medium   |  Milestone:
    Component:  GetTor   |    Version:
     Severity:  Normal   |   Keywords:
Actual Points:           |  Parent ID:  #9036
       Points:           |    Sponsor:
-------------------------+-------------------
 The current GetTor reply we decided earlier was (and which is currently
 deployed):

 {{{
 SHA256 of Tor Browser 32/64-bit (advanced):
 443b38f4aa1194125ca3c79157272d5c64006928c9128127788c1cdefa642d85
 Fingerprint of key used to sign Tor Browser (advanced): 8738 A680 B84B
 3031 A630 F2DB 416F 0610 63FE E659
 }}}

 We can do better. If you see ticket:9036#comment:16, we will be
 introducing a new section on signatures and verification of the bundles.
 This is tricky since on one hand we want users to verify the bundles they
 downloaded, but on the other, it's not always easy to do so. This ticket
 will focus on what the text should look like and how we should ensure that
 users are easily able to verify the bundles.

 (It's easier said than done and it's not like we are the first ones trying
 to solve this problem but we should focus on it from GetTor's context to
 narrow it down.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17425>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs