[tor-bugs] #3368 [Website]: Add *.torproject.org to Chrome STS list
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Jun 9 16:01:00 UTC 2011
#3368: Add *.torproject.org to Chrome STS list
----------------------------+-----------------------------------------------
Reporter: cypherpunks | Owner: phobos
Type: enhancement | Status: accepted
Priority: normal | Milestone:
Component: Website | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
----------------------------+-----------------------------------------------
Comment(by cypherpunks):
It will stop anyone who tries to do an sslstrip attack and that is the
purpose. Anyone with a valid CA will be able to perform a MITM and in the
future, Chrome will have DNS binding that allows you to say _which_ CA
will be able to sign for your domain. So in the very near future, this
will actually prevent most MITM attacks and right away it will prevent
downgrade attacks.
If the user has torproject.org in the list, the website will simply break
and hopefully they will email us. That seems like a fine failure mode and
we can't really help them unless they do contact us.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3368#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list