[tor-bugs] #3555 [Applications/Tor Browser]: Pin *.torproject.org's certs in TBB

[Tor Bug Tracker & Wiki]

#3555: Pin *.torproject.org's certs in TBB
--------------------------------------+--------------------------
 Reporter:  tagnaq                    |          Owner:  tbb-team
     Type:  enhancement               |         Status:  reopened
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-firefox-patch         |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by bugzilla):

 Replying to [comment:30 yawning]:
 > No.  `aus1.torproject.org` is not pinned.  Unless we don't care about
 just the alpha/hardened channels update metadata information.
 Hmm, neverending ticket? (gk doesn't like when closed tickets are reopened
 for regressions)
 Have you read all Mike's comments here?
 This story ended and got upstreamed (yes, the summary is talking about
 something else).
 As you can see, *.tpo was not pinned entirely (despite it's easier), so
 there were reasons to create this special handling. And for your
 "regression" there is #20180.

 But it's good to mention that thoughts discussed in this ticket about
 creating your own pinning infrastructure instead of relying of FF's
 pinsets are worth to be addressed in a new proposal.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:32>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online