[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 18 15:19:47 UTC 2014
#13379: Sign our MAR files
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-security,
Browser | TorBrowserTeam201412,TorBrowserTeam201412R
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mcs):
Replying to [comment:54 gk]:
> Okay, pushed. One final thing: Given that Mozilla's certificates were
only valid in a three month period several years ago it seems the related
cert attributes are not checked during signature verification and our
certificates are essentially never invalid, right?
Yes. I am sorry we forgot to mention this sooner. Looking at the code in
libmar, the public key is extracted from the cert data (that is compiled
into the updater) via a couple of NSS calls:
CERT_NewTempCertificate() and CERT_ExtractPublicKey(). I don't think
those calls to do cert validity checks, and I don't think the signature
verifications calls do either, e.g., NSS_VerifySignature().
On the one hand, this is good because it means that old browsers can
verify the MAR signatures even after the signing key expires. On the
other hand, there does not seem to be a way to revoke a certificate.
Do we need to fix this?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:55>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list