Pin public keys for aus1.tpo and cdn.tpo

Eventually we want to point our Tor Browser update URL directly to aus1.tpo and want to have the additional security gained through key pinning for cdn.tpo as well.

added component::internal services/tor sysadmin team owner::tpa parent::19481 priority::medium resolution::fixed severity::normal status::closed type::enhancement labels

Quoting yawning's comment:7:ticket:19481

 This shouldn't be done at all till it's possible to pin the cert chain for aus1.tpo over a prolonged period of time (not the rather short 3 months imposed by the Let's Encrypt cert lifespan).

WHile the scope of potential problems from not doing so should be limited to adversaries withholding updates (since the MARs are signed), that feels suboptimal.

Trac:
Description: Eventually we want to point our Tor Browser update URL directly to aus1.tpo and want to have the additional security for cdn.tpo as well.

to

Eventually we want to point our Tor Browser update URL directly to aus1.tpo and want to have the additional security gained through key pinning for cdn.tpo as well.
Summary: Pin certificates for aus1.tpo and cdn.tpo to Pin public keys for aus1.tpo and cdn.tpo

Trac:
Cc: N/A to brade, mcs

As Mike mentioned in #3555 (moved), there are different technologies of PK pinning. You can patch TBB yourself or ask Mozilla to extend FF's list. Sysadmins can only enable HPKP for you.

Do you mean cdn-fastly.tpo by cdn.tpo?

getFirstPartyURI failed for https://cdn-fastly.torproject.org/aus1/torbrowser/6.5a3/tor-browser-win32-6.5a2-6.5a3_en-US.incremental.mar: 0x80070057

added hpkp for cdn and aus1.

Trac:
Resolution: N/A to fixed
Status: new to closed

closed