[tbb-bugs] #17216 [Applications/Tor Browser]: Make Tor Browser's updater work over Hidden Services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 28 20:36:20 UTC 2019
#17216: Make Tor Browser's updater work over Hidden Services
-------------------------------------------------+-------------------------
Reporter: isis | Owner: tbb-
| team
Type: enhancement | Status:
| needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tor-hs tbb-security, | Actual Points:
TorBrowserTeam201901 |
Parent ID: | Points: medium
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):
* status: new => needs_information
* cc: weasel, ln5 (added)
* keywords: tor-hs tbb-security => tor-hs tbb-security,
TorBrowserTeam201901
Comment:
I'd like to test this out, first in the alpha series, sooner than later.
The idea would be to fetch the metadata file (update.xml) over .onion
which is a pretty small file (around 1000 bytes) but *not* the full
update. I am in particular concerned about TLS being the means of
authenticating the contents of that xml file and think we can do better
with an .onion responsible for that.
weasel, ln5: do you feel the current .onion setup for aus1 is robust
enough for that test? Should we wait until we have v3 services available?
Or...?
Any other concerns?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17216#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list