[tor-bugs] #3555 [Firefox Patch Issues]: TBB: hardcode SSL cert check to prevent MITM
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Jul 13 14:58:36 UTC 2012
#3555: TBB: hardcode SSL cert check to prevent MITM
----------------------------------+-----------------------------------------
Reporter: tagnaq | Owner: mikeperry
Type: enhancement | Status: assigned
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Changes (by proper):
* cc: torbox@… (added)
Comment:
I can't agree with "low priority". *.tpo had been spoofed in past by
compromised CA already.
If they takeover check.tpo, a site which every Tor user will see each time
he starts Tor Browser, and advise users to install some malware, that's
something, isn't it?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list