[tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Sep 2 14:19:26 UTC 2011
#3861: begin signing Windows packages the Windows way
--------------------------------------+-------------------------------------
Reporter: erinn | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by erinn):
Yes, that is a very good summary of the situation. I don't think I decided
not to bother -- it was left as a 'controversial' issue, but I think we
should explore it more. Right now when you install one of our Windows
packages, it comes from an 'Unknown' publisher which is much more trivial
to spoof than one that claims to be from Tor Project, Inc. and has a
key/cert/whatever to prove it.
But to reiterate, I think we should explore this in more depth to see what
the tradeoffs are. Because although it may be more difficult for someone
to build a fake Windows bundle and then claim to be from us, it will also
be much more convincing if they pull it off.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list