Opened 19 months ago

Closed 16 months ago

Last modified 4 months ago

#20589 closed task (fixed)

Create new MAR signing key for Tor Browser

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam201701R, GeorgKoppen201701, tbb-no-uplift
Cc: boklm, yawning Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We want to start with the usual MAR signing key rotation soon. Thus, we should create a new key and embed the related certs into Tor Browser.

Child Tickets

Change History (11)

comment:1 Changed 18 months ago by gk

Keywords: GeorgKoppen201612 added; GeorgKoppen201611 removed

Moving my tickets

comment:2 Changed 18 months ago by gk

Keywords: TorBrowserTeam201612 added; TorBrowserTeam201611 removed

Moving tickets to December.

comment:3 Changed 17 months ago by gk

FWIW: We already included a new secondary key earlier this year (#18008). The plan is to move that one into the first position and add a new one as the secondary signing key. This should happen for 7.0a1 and we would test that everything is working within the 7.0 alpha series.

comment:4 Changed 17 months ago by yawning

Cc: yawning added

comment:5 Changed 17 months ago by gk

Keywords: TorBrowserTeam201701 added; TorBrowserTeam201612 removed

Moving our tickets to January 2017

comment:6 Changed 17 months ago by gk

Keywords: GeorgKoppen201701 added; GeorgKoppen201612 removed

comment:7 Changed 16 months ago by gk

Keywords: TorBrowserTeam201701R added; TorBrowserTeam201701 removed
Status: newneeds_review

bug_20589 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_20589&id=2460ea50270ee95183aee35e07190d7f819e41be) in my public Tor Browser repo has the cert for the new key and the secondary key moved to the first position. Regarding testing I followed a similar strategy as in comment:1:ticket:18008. The binaries for that are in https://people.torproject.org/~gk/testbuilds/20589. The successful update updates the alpha to a nightly.

Note to self for the next time: Don't try to get it working with a nightly tar.xz. It will fail again, for reasons. :)

comment:8 Changed 16 months ago by mcs

r=mcs
Looks good to me.

comment:9 Changed 16 months ago by gk

Fixed with commit d69306e9517d718a6019b6f4814ef93591185895 on tor-browser-45.6.0esr-6.5-1, thanks.

comment:10 Changed 16 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

comment:11 Changed 4 months ago by arthuredelstein

Keywords: tbb-no-uplift added
Note: See TracTickets for help on using tickets.