[tor-bugs] #11464 [Tor]: Implement a client-side blacklist for authority certificate signing keys

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 14 21:45:17 UTC 2014


#11464: Implement a client-side blacklist for authority certificate signing keys
-------------------------+-------------------------------------------------
     Reporter:  nickm    |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  major    |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  tor-client 024-backport
Actual Points:           |  023-backport heartbleed
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by nickm):

 Replying to [comment:4 andrea]:
 > I think this looks okay; my reading of
 > networkstatus_check_consensus_signature() is that if insufficiently many
 > good signatures exist, the client will reject the consensus and not
 > function?

 Yes.

 > I presume these have already been rotated and we won't horribly break any
 > clients by merging this unless someone tries to use stolen signing keys to
 > do something nasty to them?

 We're still waiting on dizum and dannenberg.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11464#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

