[tor-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 1 16:07:15 UTC 2019
#29628: Distrust DarkMatter Intermediate CAs
-----------------------+------------------------------------------
Reporter: nsuchy | Owner: tbb-team
Type: defect | Status: new
Priority: Immediate | Component: Applications/Tor Browser
Version: | Severity: Critical
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------+------------------------------------------
Mozilla Firefox's root trust store trusts an intermediate ca for a spying
firm called DarkMatter. They trust they intermediate ca as it was signed
by Quovadis.
This already puts Tor users at risk as they can spy today, however once
they are a root ca there will be no oversight by Quovadis/Digicert and
they can misbehave and issue secret certificates to spy on Tor users.
They have a business interest in spying on HTTPS traffic. Google Chrome
and Mozilla Firefox are still discussing this. It's in the best interest
of Tor Users to immediately distrust the intermediate CA.
Thoughts?
References:
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-
darkmatter-request-to-be-trusted-root-ca-raises-concerns/
https://protonmail.com/blog/dark-matter-quo-vadis/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29628>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list