[tbb-bugs] #19481 [Applications/Tor Browser]: Change app.update.url to point to aus1.tpo

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 7 05:43:26 UTC 2016 

#19481: Change app.update.url to point to aus1.tpo
--------------------------------------+------------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  task                      |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201610R     |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+------------------------------

Comment (by bugzilla):

 On topic:
 > We should point to the new location for our xml files
 You should check that even if you put your xml files directly on NSA
 server, your updater will apply the intended updates only.

 Off topic:
 Replying to [comment:3 gk]:
 > weasel said there is no key pinning for aus1.tpo nor for cdn.tpo right
 now. It might come in the future.
 weasel AFAIK is responsible for server side where only HPKP is available
 and not used. But should?

 Replying to [comment:7 yawning]:
 > This shouldn't be done at all till it's possible to pin the cert chain
 for aus1.tpo over a prolonged period of time (not the rather short 3
 months imposed by the Let's Encrypt cert lifespan).
 Usually only CA certs are pinned (on Mozilla side too), chain can't be
 pinned. If you are going to pin your 3 mo cert itself (which is best for
 security as it fully "breaks" PKI), then it's better to develop strong
 policy for the whole your infrastructure support (instead of PKI) at
 first, or you will end with a disaster worse than Mozilla has had
 recently.
 > WHile the scope of potential problems from not doing so should be
 limited to adversaries withholding updates (since the MARs are signed),
 that feels suboptimal.
 The scope of potential problems is limited to: some adversary could
 prevent TBB from updating (if there are no holes in the process of
 checking signed MARs).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19481#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list