[tbb-bugs] #20461 [Applications/Tor Browser]: Ship “static cache” of intermediate CAs

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 25 16:37:14 UTC 2016


#20461: Ship “static cache” of intermediate CAs
------------------------------------------+----------------------
     Reporter:  nicoo                     |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 TBB produces certificate validation errors on incomplete certificate
 chains, which may “somewhat work” on other browsers due to intermediary
 CAs being present in caches.

 This is problematic, as this leads users to expect certificate errors on
 certain sites and simply click through, effectively teaching them terrible
 security practices.

 We could ship, with TBB, a built-in list of “cached” intermediate CAs that
 are prevalent among misconfigured servers. This data can be obtained from
 TLS Observatory's data, according to ulfr.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20461>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

