[tor-bugs] #3555 [Firefox Patch Issues]: Pin *.torproject.org's certs in TBB (was: TBB: hardcode SSL cert check to prevent MITM)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Mar 23 01:16:58 UTC 2013
#3555: Pin *.torproject.org's certs in TBB
----------------------------------+-----------------------------------------
Reporter: tagnaq | Owner: cyperpunks
Type: enhancement | Status: assigned
Priority: normal | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Changes (by mikeperry):
* owner: mikeperry => cyperpunks
* priority: major => normal
Comment:
The reality is that if Mozilla doesn't support cert pinning for arbitrary
requests (beyond just updates+addons: see
https://wiki.mozilla.org/Security/Features/CA_pinning_functionality), I'm
not going to implement this. Until that point, our priority is not "major"
for this ticket.
If you feel otherwise, you must write a patch to implement pinning before
arguing over the priority of this ticket, or point me to the actual
Firefox pinning implementation.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list