[tbb-bugs] #13730 [Tor Browser]: Make use of MAR files with more than one signature

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 11 14:34:00 UTC 2014

#13730: Make use of MAR files with more than one signature
     Reporter:  gk           |      Owner:  tbb-team
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-security
Actual Points:               |  Parent ID:
       Points:               |

Comment (by gk):

 Quoting comment:7:ticket:13379:
 we may want to consider having two or three keys: one held by Georg, one
 by myself, and one on a dist server. Though this has downsides in that it
 would require Georg and I to always be available to sign builds.. I
 suppose we could instead share a builders key, and then have the second
 key live on a signing machine that other people can get access to in an
 Would it be smart to have a kind of a threshold system here instead,
 taking the burden off of us to be always available for signing (I still
 hope this happens for the reproducible builds itself too, one day)? We
 could then start with having Mike's key and mine and a third one (be it
 the general building key we are about to create or an other one) and with
 saying the update is okay iff two signatures are available and valid.
 We could even loosen the latter condition: we could have this threshold
 but still allow just one signature with an additional dialog explaining
 things given that most users are still verifying only the package
 signature. Not sure if that would be worth the effort though assuming we
 have at least two builders anyway which could then sign the MAR files,

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13730#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list