[tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 15 20:18:05 UTC 2015
#17442: adjust or remove updater cert pinning
-----------------------------------+-----------------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201512R | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+-----------------------------------
Comment (by gk):
I think this is important enough for warranting s test which makes sure we
really get the pinning we want. This can probably happen in a follow-up
ticket or here if you think. Did you specifically look at what
`security.cert_pinning.enforcement_level` set to `2` does and that this
does not have holes which can bypass pinning? That was the other things
that held me back from closing this ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17442#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list