[tbb-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 7 03:58:21 UTC 2015
#17442: adjust or remove updater cert pinning
-------------------------+--------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+--------------------------
Comment (by mikeperry):
It does sound like this update-specific pin is redundant to (and weaker
than) the HPKP pins. However, I very much disagree with
https://bugzilla.mozilla.org/show_bug.cgi?id=1063111#c3. We should keep an
eye on that and make sure that the HPKP pins always apply to the updater,
as we do not have the problem of needing to support corporate or OEM-
installed MITMs (*cough* Lenovo Superfish *cough*).
For us, continuing to enforce HPKP for the updater ensures that the
adversary must compromise both the current MAR signing key *and* the
webserver cert in order to give users bad updates. This is a much better
position for us to be in than having there be a single point of security
failure for compromising users during update.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17442#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list