Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#4584 closed defect (fixed)

Implement a new certificate serial number strategy (part of proposal 179)

Reported by: asn
Owned by:
Priority: Medium
Milestone:
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-bridge
Cc: ioerror
Actual Points:
Parent ID: #3972
Points:
Reviewer:
Sponsor:

Description

We currently put time(NULL) in our certificates' serial numbers, which is not a good idea.

Proposal 179 says to put 8 random bytes as the serial numbers of our new certificates. It seems like a sane choice.

(Also see #4570 for another prop179 serial number trick which did make it in.)
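
The change the description asks for, as an added example (not code from the branch mentioned in this ticket): a time-based serial beside one built from 8 random bytes, each DER-encoded as a positive X.509 INTEGER. The function names, the use of /dev/urandom and the DER helper are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SERIAL_LEN 8

/* Old scheme from the ticket: the serial is the creation time, so anyone
 * who sees the certificate can read the clock value back out of it. */
void serial_from_time(time_t now, uint8_t out[SERIAL_LEN]) {
  uint64_t v = (uint64_t)now;
  for (int i = SERIAL_LEN - 1; i >= 0; i--) { out[i] = (uint8_t)v; v >>= 8; }
}

/* New scheme: 8 bytes from the OS CSPRNG. Returns 0 on success, -1 on error.
 * An all-zero draw is rejected because X.509 serials must be positive. */
int serial_from_random(uint8_t out[SERIAL_LEN]) {
  static const uint8_t zero[SERIAL_LEN] = {0};
  FILE *f = fopen("/dev/urandom", "rb");   /* assumption: Unix-like host */
  if (!f) return -1;
  size_t n = fread(out, 1, SERIAL_LEN, f);
  fclose(f);
  return (n == SERIAL_LEN && memcmp(out, zero, SERIAL_LEN) != 0) ? 0 : -1;
}

/* DER-encode big-endian unsigned bytes as a positive INTEGER.
 * out needs len + 3 bytes (len <= 126). Returns the encoded length. */
size_t der_integer(const uint8_t *in, size_t len, uint8_t *out) {
  while (len > 1 && in[0] == 0) { in++; len--; }  /* minimal encoding */
  size_t pad = (in[0] & 0x80) ? 1 : 0;            /* keep the sign bit clear */
  out[0] = 0x02;                                  /* INTEGER tag */
  out[1] = (uint8_t)(len + pad);
  if (pad) out[2] = 0x00;
  memcpy(out + 2 + pad, in, len);
  return 2 + pad + len;
}

int main(void) {
  uint8_t s[SERIAL_LEN], der[SERIAL_LEN + 3];
  serial_from_time(time(NULL), s);
  size_t n = der_integer(s, SERIAL_LEN, der);
  printf("time-based   (%zu bytes): ", n);
  for (size_t i = 0; i < n; i++) printf("%02x", der[i]);
  if (serial_from_random(s) != 0) return 1;
  n = der_integer(s, SERIAL_LEN, der);
  printf("\nrandom-based (%zu bytes): ", n);
  for (size_t i = 0; i < n; i++) printf("%02x", der[i]);
  printf("\n");
  return 0;
}
```

A random serial whose first byte has the high bit set encodes to 9 content bytes, because DER prepends 0x00 to keep the value positive.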


Change History (6)

comment:1 Changed 8 years ago by asn

Summary: Implement a new certificate serial number strategy → Implement a new certificate serial number strategy (part of proposal 179)

comment:2 Changed 8 years ago by asn

Status: new → needs_review

Check out branch bug4548 at git://gitorious.org/mytor/mytor.git.

It even contains a changes file, in case you needed it!

comment:3 in reply to:  2 Changed 8 years ago by asn

Replying to asn:

> Check out branch bug4548 at git://gitorious.org/mytor/mytor.git.
>
> It even contains a changes file, in case you needed it!

Oops typo: meant to say bug4584.

(probably typed '4548' too many times these days)

comment:4 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Looks correct to me. Indenting that new block and adding a comment

comment:5 Changed 7 years ago by nickm

Keywords: tor-bridge added

comment:6 Changed 7 years ago by nickm

Component: Tor Bridge → Tor