[tor-bugs] #22925 [Applications/Tor Browser Sandbox]: Make the extension whitelist public key cryptography based.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jul 14 18:09:35 UTC 2017
#22925: Make the extension whitelist public key cryptography based.
--------------------------------------------------+---------------------
Reporter: yawning | Owner: yawning
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser Sandbox | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+---------------------
If/when the Tor Browser people decide to do the sensible thing and start
signing all of the XPIs bundled with Tor Browser, the extension whitelist
can be made more resilient to Tor Browser changes by validating XPI
signatures with it's own copies of the public key.
Till then it will be somewhat fragile, though new extensions don't get
added very often, so it's "merely" a matter of keeping in sync with the
browser.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22925>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list