[tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 15 20:51:15 UTC 2015
#3555: Pin *.torproject.org's certs in TBB
-----------------------------+-------------------------------
Reporter: tagnaq | Owner: cyperpunks
Type: enhancement | Status: assigned
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-firefox-patch
Actual Points: | Parent ID:
Points: |
-----------------------------+-------------------------------
Comment (by arma):
Replying to [comment:25 vynX]:
> If the torproject.org sites were available as hidden services then the
> self-authenticating feature of public-key addresses would obsolete the
> need to pin any certificates.
I like where you're trying to go with this, but it is alas wrong. It
assumes that somehow everybody knows the right onion names for each
service. And then we're back to a very similar problem.
But more generally, it is not useful to get into a discussion here about
what security properties onion services get. The previous comments here
make this look like we should close as a wont-fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online