[tor-bugs] #22925 [Applications/Tor Browser Sandbox]: Make the extension whitelist public key cryptography based.

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 19 19:31:00 UTC 2017


#22925: Make the extension whitelist public key cryptography based.
----------------------------------------------+-------------------------
 Reporter:  yawning                           |          Owner:  yawning
     Type:  enhancement                       |         Status:  new
 Priority:  Medium                            |      Milestone:
Component:  Applications/Tor Browser Sandbox  |        Version:
 Severity:  Normal                            |     Resolution:
 Keywords:                                    |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+-------------------------

Comment (by yawning):

 This *might* be vaguely ok if it used hardened SHA1.  In that case,
 there's a PKCS7 library at https://github.com/fullsailor/pkcs7 that
 purports to support what is required.

 But this ultimately depends on NoScript, torbutton and torlauncher being
 signed with non-Mozilla keys.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22925#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list