[tor-bugs] #17425 [GetTor]: Improve GetTor Signature Section
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 26 15:21:53 UTC 2015
#17425: Improve GetTor Signature Section
-------------------------+-------------------
Reporter: sukhbir | Owner: ilv
Type: defect | Status: new
Priority: Medium | Milestone:
Component: GetTor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID: #9036
Points: | Sponsor:
-------------------------+-------------------
The current GetTor reply we decided earlier was (and which is currently
deployed):
{{{
SHA256 of Tor Browser 32/64-bit (advanced):
443b38f4aa1194125ca3c79157272d5c64006928c9128127788c1cdefa642d85
Fingerprint of key used to sign Tor Browser (advanced): 8738 A680 B84B
3031 A630 F2DB 416F 0610 63FE E659
}}}
We can do better. If you see ticket:9036#comment:16, we will be
introducing a new section on signatures and verification of the bundles.
This is tricky since on one hand we want users to verify the bundles they
downloaded, but on the other, it's not always easy to do so. This ticket
will focus on what the text should look like and how we should ensure that
users are easily able to verify the bundles.
(It's easier said than done and it's not like we are the first ones trying
to solve this problem but we should focus on it from GetTor's context to
narrow it down.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17425>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list