[tor-bugs] #31718 [Internal Services/Tor Sysadmin Team]: Update DNS records for .ooni.torproject.org domains
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 17 17:23:21 UTC 2019
#31718: Update DNS records for .ooni.torproject.org domains
-------------------------------------------------+-------------------------
Reporter: hellais | Owner: anarcat
Type: defect | Status:
| assigned
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by hellais):
So we looked into this with @anarcat and encountered the following issues:
- The current setup has both HSTS and certificate pinning enabled for the
ooni.torproject.org website
- It is not straightforward to do custom HTTPS changes on the current ooni
hosting service (netlify)
Since the maxage for the certificate pinning is set to 60 days we will
need to wait for that amount of time before we are able to migrate over.
In the meantime @anarcat is going to see how to disable the certificate
pinning headers from the ooni.torproject.org host config, so that we can
begin waiting the 60 days after which we can proceed with the CNAME plan
as mentioned above.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31718#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list