[tor-bugs] #14269 [Tor Browser]: Imported certificate works only when "don't record browsing history" is unchecked
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 16 15:24:09 UTC 2015
#14269: Imported certificate works only when "don't record browsing history" is
unchecked
---------------------------------+------------------------------
Reporter: tbb403bugreport | Owner: tbb-team
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version: Tor: 0.2.5.10
Resolution: | Keywords: TBB, certificate
Actual Points: | Parent ID:
Points: |
---------------------------------+------------------------------
Comment (by cypherpunks):
Replying to [comment:2 isis]:
> I would tentatively argue that this behaviour is a feature, not a bug.
I disagree. While attackers like HT (or Lenovo...) can and do install
malicious certs, average users also legitimately need to install their own
sometimes and breaking this functionality don't do much but slow down the
kind of attackers who are in a position to do this.
Also in the case of that email, they were actually trying to install certs
to *use* tor (to access the HT portal), not to attack tor (according to
https://firstlook.org/theintercept/2015/07/16/hackingteam-attacked-tor-
browser/ - i haven't read all the related emails).
I, for one, would very much like to install the CAcert cert in my tor
browser! I haven't tried with 4.5 yet but I've been unable to install
certs the last times I've tried (probably circa tbb 4.0).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14269#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list