[tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Jun 9 15:01:42 UTC 2011
#3368: Add *.torproject.org to Chrome STS list
----------------------------+-----------------------------------------------
Reporter: cypherpunks | Owner: phobos
Type: enhancement | Status: accepted
Priority: normal | Milestone:
Component: Website | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
----------------------------+-----------------------------------------------
Comment(by phobos):
Replying to [comment:4 phobos]:
> If the user has never visited *.torproject.org, doing so over https
isn't going to stop an ssl mitm. Correct?
Thinking further about this, it's the same problem I have with our https
everywhere firefox extension, unless you include the ssl fingerprints and
serial numbers, how does the user know that the cert that is presented is
the correct cert?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3368#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list