[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 02 Sep 2011 14:19:26 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Sep 2011 10:19:38 -0400
In-reply-to: <045.37e81eb0241462f506afc6c107c51d33@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.37e81eb0241462f506afc6c107c51d33@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3861: begin signing Windows packages the Windows way
--------------------------------------+-------------------------------------
 Reporter:  erinn                     |          Owner:  erinn
     Type:  enhancement               |         Status:  new  
 Priority:  normal                    |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------

Comment(by erinn):

 Yes, that is a very good summary of the situation. I don't think I decided
 not to bother -- it was left as a 'controversial' issue, but I think we
 should explore it more. Right now when you install one of our Windows
 packages, it comes from an 'Unknown' publisher which is much more trivial
 to spoof than one that claims to be from Tor Project, Inc. and has a
 key/cert/whatever to prove it.

 But to reiterate, I think we should explore this in more depth to see what
 the tradeoffs are. Because although it may be more difficult for someone
 to build a fake Windows bundle and then claim to be from us, it will also
 be much more convincing if they pull it off.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #3909 [Tor Client]: Tor 0.2.2.32 no longer cross compile (to iOS)
Next by Author: Re: [tor-bugs] #3891 [Orbot]: Transparent proxy not woking
Previous by thread: Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
Next by thread: Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
Index(es):
- Author
- Thread