[tor-bugs] #28971 [Applications/Tor Browser]: (Sub)key rotation sometimes break downstream projects

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 2 05:44:41 UTC 2019 

#28971: (Sub)key rotation sometimes break downstream projects
--------------------------------------+----------------------------------
 Reporter:  ahf                       |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:  Tor: unspecified
Component:  Applications/Tor Browser  |        Version:  Tor: unspecified
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+----------------------------------

Comment (by arma):

 Thanks for getting us started here ahf.

 {{{
 pub   4096R/4E2C6E8793298290 2014-12-15 [expires: 2020-08-24]
 uid                          Tor Browser Developers (signing key)
 <torbrowser at torproject.org>
 sub   4096R/EB774491D9FF06E2 2018-05-26 [expires: 2020-09-12]
 }}}

 It looks like the master signing key (not just the subkey) is due to
 expire in 20 months. So we are on track for another surprise for all the
 various distros and packages that try to automate checking the signature.

 The trouble for torbrowser-launcher in particular is that it seems to
 hard-code a key and then get included in a stable distro, and then users
 of that stable distro are screwed once the key changes.

 So far we've just been blaming those users for wanting to use torbrowser-
 launcher, but I wonder if we can do better. In particular, I hope we can
 decide on a policy for the tor browser signing key that is maximally
 predictable to downstream automation (something like "the master key will
 last forever, but you should expect that it will get new subkeys
 periodically, but we promise to publish each new subkey 12 months before
 we start using it, and also here is a torproject.org https url where the
 current full key will always be available") and then get good at sticking
 to our policy.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28971#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list