[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 1 01:14:03 UTC 2014
#13379: Sign our MAR files
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-security, TorBrowserTeam201411R
Browser | Parent ID:
Resolution: |
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
It seems fine to me if we want to hold off until 4.5-alpha-3 for this for
stability and logistical reasons (key management, release delay), but that
said I think a SHA1-based sig is still better than no sig.
Still, to pick from the ones listed in secvfy.c, probably either:
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE or
SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:32>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list