[tor-bugs] #3555 [Tor Browser]: Pin *.torproject.org's certs in TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun May 17 08:12:09 UTC 2015


#3555: Pin *.torproject.org's certs in TBB
-----------------------------+-------------------------------
     Reporter:  tagnaq       |      Owner:  cyperpunks
         Type:  enhancement  |     Status:  assigned
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-firefox-patch
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------------------

Comment (by vynX):

 Arma, we are talking about Tor Browser the way it gets shipped here, it
 should know its own onions and it doesn't take any extra certificate
 pinning implementation to know them – it is enough to have the right
 .onion names in all of the default URLs that are shipped with the browser.
 So the problem of users not being able to memorize onion addresses except
 for Facebook's and mine, with all due respect, doesn't exist in this
 constellation. Also I know of trusted Tor developers owning powerful
 multi-processor machines in their trusted homes capable of generating some
 really neat and memorizable torproject12core.onion address.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list