wiki:org/sponsors/Pantheon/Chronos

Project Chronos

Chronos is the ancient Greek primordial deity of time. Part of Part of Project Pantheon, running from October 2013 until October 2014.

Overview

Project Chronos is work to build a secure updater for Torbrowser, based on the Firefox updater, but incorporating the threat model and mitigations from Thandy.

This project is primarily going to be developed by Mark and Kathy of Pearl Crascent.

Phase One

Outline

  • opt-in
  • minimally-changed from Mozilla's Firefox updater
  • probably doesn't bundle HTTPS-everywhere
  • non-Gitian MARs
  • functional version-number management

Tickets

#10389
Make Firefox updater work with TB 3.x

Phase Two

Outline

Including some combination of the following:

  • update over Tor, and then eventually a hidden service
  • better signing system for updates
  • consensus check for Torbrowser packages
  • we update HTTPS-everywhere
  • reproducible MAR files
  • additional protections from the Thandy design

Tickets

#10390
Update over Tor
#10391
Update via a hidden service
#10392
Torbrowser updates are signed and verified by the updater
#10393
Torbrowser updates are verified through the Tor consensus
#10396
Reproducible MARs
#10397
Torbrowser's updater integrates additional protections from Thandy's threat model

Notes

We're going to need hosting/CDN infrastructure to make this work.

Last modified 4 years ago Last modified on Dec 13, 2013, 10:30:21 PM