[tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 14 21:45:17 UTC 2014
#11464: Implement a client-side blacklist for authority certificate signing keys
-------------------------+-------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client 024-backport
Actual Points: | 023-backport heartbleed
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by nickm):
Replying to [comment:4 andrea]:
> I think this looks okay; my reading of
networkstatus_check_consensus_signature() is that if insufficiently many
good signatures exist, the client will reject the consensus and not
function?
Yes.
>I presume these have already been rotated and we won't horribly break any
clients by merging this unless someone tries to use stolen signing keys to
do something nasty to them?
We're still waiting on dizum and dannenberg.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11464#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list