[tor-bugs] #17113 [Tor Browser]: check is it possible to check if a specific CA is intalled in the browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 20 04:57:17 UTC 2015
#17113: check is it possible to check if a specific CA is intalled in the browser
-------------------------+--------------------------
Reporter: elypter | Owner: tbb-team
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+--------------------------
is it possible to do active probing on installed certificates without
showing a certificate warning? maybe hidden in an iframe or popup or using
webrtc. everything that could load if the certificate is installed and be
blocked otherwise.
if possible it could be misused to find out if a user is vulnerable to a
hiden mitm attack.
users of goagent, shaddow socks and cooperate content filters could be
vulnerable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17113>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list