[tor-bugs] #13730 [Tor Browser]: Make use of MAR files with more than one signature
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 11 14:34:00 UTC 2014
#13730: Make use of MAR files with more than one signature
-----------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by gk):
Quoting comment:7:ticket:13379:
{{{
we may want to consider having two or three keys: one held by Georg, one
by myself, and one on a dist server. Though this has downsides in that it
would require Georg and I to always be available to sign builds.. I
suppose we could instead share a builders key, and then have the second
key live on a signing machine that other people can get access to in an
emergency?
}}}
Would it be smart to have a kind of a threshold system here instead,
taking the burden off of us to be always available for signing (I still
hope this happens for the reproducible builds itself too, one day)? We
could then start with having Mike's key and mine and a third one (be it
the general building key we are about to create or an other one) and with
saying the update is okay iff two signatures are available and valid.
We could even loosen the latter condition: we could have this threshold
but still allow just one signature with an additional dialog explaining
things given that most users are still verifying only the package
signature. Not sure if that would be worth the effort though assuming we
have at least two builders anyway which could then sign the MAR files,
too...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13730#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list