[tor-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 28 13:04:49 UTC 2015


#17442: adjust or remove updater cert pinning
-----------------------------+----------------------
     Reporter:  mcs          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+----------------------
 The updater uses a couple of hidden prefs to do its own form of cert
 pinning. But changes are afoot on the server side; see
 https://bugzilla.mozilla.org/show_bug.cgi?id=1219185

 Here are the hidden prefs we currently use inside Tor Browser:
 {{{
 pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US");
 pref("app.update.certs.1.commonName", "*.torproject.org");
 }}}

 These prefs are consulted when the update code connects to
 https://www.torproject.org

 I am not an expert in this area, but it seems like it might be better to
 just disable the updater-specific checks that use the above prefs and
 instead rely on the more general pinning that is defined inside
 security/manager/boot/src/StaticHPKPins.h (when we added these updater
 prefs, we did not yet have the more general form of pinning in place).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17442>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

