[tor-bugs] #17113 [Tor Browser]: check is it possible to check if a specific CA is intalled in the browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Sep 20 04:57:17 UTC 2015


#17113: check is it possible to check if a specific CA is intalled in the browser
-------------------------+--------------------------
 Reporter:  elypter      |          Owner:  tbb-team
     Type:  task         |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Browser  |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+--------------------------
 is it possible to do active probing on installed certificates without
 showing a certificate warning? maybe hidden in an iframe or popup or using
 webrtc. everything that could load if the certificate is installed and be
 blocked otherwise.
 if possible it could be misused to find out if a user is vulnerable to a
 hiden mitm attack.
 users of goagent, shaddow socks and cooperate content filters could be
 vulnerable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17113>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list