[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 31 23:23:06 UTC 2014
#13379: Sign our MAR files
-----------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by mcs):
As it turns out, Mozilla has recently made some progress towards adding
signature support on all platforms. Here is their tracking bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=973933
Most of the dependent bugs have patches. One thing that is messy is that
they want to keep the updater executable as small and standalone as
possible, so they are doing things like using OS APIs to verify signatures
(on Windows they use CryptoAPI and on Mac OS they use Apple's Security
framework). I think they plan to use NSS on Linux, and we may want to use
NSS everywhere for trust and auditability reasons.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list