[tor-bugs] #18940 [- Select a component]: Danger : verifying digital certificate and fake response !
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 2 10:41:10 UTC 2016
#18940: Danger : verifying digital certificate and fake response !
----------------------------------+-------------------------
Reporter: safeless | Owner:
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Resolution: invalid
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------+-------------------------
Changes (by yawning):
* status: new => closed
* resolution: => invalid
Comment:
> Iran cyber Army can generate a fake response for this! (connections on
port number 80 is not encrypted )
a) "All definitive response messages SHALL be digitally signed."
(https://tools.ietf.org/html/rfc6960)
b) It's Microsoft's signature scheme, mechanism and implementation. Go
complain to them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18940#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list