Opened 3 years ago

Closed 3 years ago

#20180 closed enhancement (fixed)

Pin public keys for aus1.tpo and cdn.tpo

Reported by: gk Owned by: tpa
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: brade, mcs Actual Points:
Parent ID: #19481 Points:
Reviewer: Sponsor:

Description (last modified by gk)

Eventually we want to point our Tor Browser update URL directly to aus1.tpo and want to have the additional security gained through key pinning for cdn.tpo as well.

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by gk

Quoting yawning's comment:7:ticket:19481

 This shouldn't be done at all till it's possible to pin the cert chain for aus1.tpo over a prolonged period of time (not the rather short 3 months imposed by the Let's Encrypt cert lifespan).

WHile the scope of potential problems from not doing so should be limited to adversaries withholding updates (since the MARs are signed), that feels suboptimal.

comment:2 Changed 3 years ago by gk

Description: modified (diff)
Summary: Pin certificates for aus1.tpo and cdn.tpoPin public keys for aus1.tpo and cdn.tpo

comment:3 Changed 3 years ago by mcs

Cc: brade mcs added

comment:4 Changed 3 years ago by bugzilla

As Mike mentioned in #3555, there are different technologies of PK pinning. You can patch TBB yourself or ask Mozilla to extend FF's list. Sysadmins can only enable HPKP for you.

comment:5 Changed 3 years ago by bugzilla

Do you mean cdn-fastly.tpo by cdn.tpo?

getFirstPartyURI failed for https://cdn-fastly.torproject.org/aus1/torbrowser/6.5a3/tor-browser-win32-6.5a2-6.5a3_en-US.incremental.mar: 0x80070057

comment:6 Changed 3 years ago by weasel

Resolution: fixed
Status: newclosed

added hpkp for cdn and aus1.

Note: See TracTickets for help on using tickets.