[tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 14 21:29:06 UTC 2014


#11464: Implement a client-side blacklist for authority certificate signing keys
-------------------------+-------------------------------------------------
     Reporter:  nickm    |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  major    |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  tor-client 024-backport
Actual Points:           |  023-backport heartbleed
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by andrea):

 I think this looks okay; my reading of
 networkstatus_check_consensus_signature() is that if insufficiently many
 good signatures exist, the client will reject the consensus and not
 function?  I presume these have already been rotated and we won't horribly
 break any clients by merging this unless someone tries to use stolen
 signing keys to do something nasty to them?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11464#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list