[tbb-bugs] #18287 [Applications/Tor Browser]: Use SHA-2 signature for Tor Browser setup executables
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 20 09:22:03 UTC 2018
#18287: Use SHA-2 signature for Tor Browser setup executables
------------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201802 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by gk):
Looking at https://bugzilla.mozilla.org/show_bug.cgi?id=1245842 it seems
Mozilla is not dual-signing things either. Instead, if I understand it
correctly (https://bugzilla.mozilla.org/show_bug.cgi?id=1245895), they are
redirecting users with older systems to binaries signed with SHA1 while
properly supported ones get SHA2 signed installers.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18287#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list