[tor-talk] is Torbrowser more affected by webservers failing to send their complete certificate chain?

grarpamp grarpamp at gmail.com
Wed Aug 8 01:51:01 UTC 2018


> did you notice the non-HSTS/HSTS distinction when trying to add an exception?

If there is, I'd have to look closer, thanks.
Though it's a bit moot unless recompilation is needed to add it.

>>> Should Torbrowser ship a few common interm. CAs by default?
>>
>> No. Because when LE gets compromised, you have
>> a million TBBs blindly trusting rogue / stolen certs, MITM, etc.
>
> I'm not saying that interm. certificates should be shipped as root CAs

They're signed by others, not typically self-signed, and they're not "root"
CAs under typical cert-hierarchy checks against the handful of default cert
store repositories out there. Nor do I or the code treat intermediates as roots,
and the subject thread is clearly about intermediates.

A shipped cert is a shipped cert.

And which certs get added, from which interim spaces (China's / RU / US / IN,
only internet activist orgs / big corps / edus), who defines them, checks
the certs, decides, and what stops the slope?

>> If the admin won't fix it, then the user can add it manually.
>
> telling people to manually import/trust certificates is dangerous advice.
> (and I believe most users will fail to do that on an HSTS enabled site)

That's up to the importer / truster, no different than with PGP, overlay
bootstraps, govt IDs, etc. That's one interim fix. Whether they're dumb or
smart about it, or do it at all, is up to them.

I don't want intermediates that don't meet cert store policies coded into my
tools, just the same as I don't want any root stores shipped in my tools.
Look at all those twistable / govt / third-party entities in those stores.
No thanks. Not when building from zero, transparency, OOB verification,
TOFU, fingerprinting / pinning, DNS, etc. are available, including using
default cert stores, at least through library calls to outside the app.

>> If the user isn't keeping state, or carrying cert on usb, that's
>> their choice and problem
>
> I disagree on blaming the user for a server side configuration issue

The server, and aside from that the CA vs. cert store game, was blamed.
The user's response is separate, thus not related or blameable.

