Closed
Bug 1004353
Opened 11 years ago
Closed 10 years ago
Enable pinning for tor
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: mmc, Assigned: cviecco)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
(deleted), patch | mmc: review+
This one uses lots of sha1 fingerprints, so we need to reach out and find the sha256 or pem equivalents.
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json&l=50
Reporter
Comment 1•10 years ago
I think Camilo said he was already in contact with these folks.
Assignee: nobody → cviecco
Assignee
Comment 2•10 years ago
Monica, here are the keys (given by them, not verified by me). It was also suggested that Mike Perry would be the point of contact from Tor (Mike, thank Roger).
contingency-key-2011-1.pem
8ee371493bfd500366a42f6417918aa6658dc776 -
6d8cfd2530e4f3d5f7aaeddf82cc06fa5050b28e6f2343757f4471e20a389cba -
contingency-key-2011-2.pem
9626b8de53e897348f548ab7e03c39eee61c2c3f -
c570b1853767eeec579de2526d00aaa00bee5b766d425da90d54dfdac7b04bcc -
contingency-key-2011-3.pem
af313240828e87bee3f3b9f96e3594360b9717c6 -
0a5782d6ac1447c24f807d675ef49ed951f10dee7f29f36cf7a12eb1b7d239fa -
Reporter
Comment 3•10 years ago
Mike, if you just want to use the Tor pinset currently in use by Chrome, we can just turn it on. If not, Camilo should be the one to coordinate since he's already in touch with you and Roger.
This file contains all of the hashes:
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.certs&l=207
This file gives the domain -> hash mapping:
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json&l=50
{
  "name": "tor",
  "static_spki_hashes": [
    "RapidSSL",
    "DigiCertEVRoot",
    "Tor1",
    "Tor2",
    "Tor3"
  ]
},
{
  "name": "tor2web",
  "static_spki_hashes": [
    "AlphaSSL_G2",
    "Tor2web"
  ]
},
{ "name": "tor2web.org", "include_subdomains": true, "pins": "tor2web" },
{ "name": "torproject.org", "mode": "force-https", "pins": "tor" },
{ "name": "blog.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },
{ "name": "check.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },
{ "name": "www.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },
{ "name": "dist.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },
Thanks,
Monica
Flags: needinfo?(mikeperry)
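Added example (not part of the bug's comments and not Chromium or Mozilla code): a simplified model of how a pin list shaped like the JSON in comment 3 is evaluated, showing that the torproject.org entry without include_subdomains leaves unlisted subdomains unpinned. The SPKI byte strings, the OtherCA name and the function names are constructed for illustration, and the most-specific-suffix lookup order is an assumption.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """Base64 SHA-256 over a DER SubjectPublicKeyInfo (the pin value)."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

# Constructed stand-ins for SPKI bytes; these are NOT real Tor or CA keys.
NAMES = ("RapidSSL", "DigiCertEVRoot", "Tor1", "Tor2", "Tor3",
         "AlphaSSL_G2", "Tor2web", "OtherCA")
SPKI = {n: ("constructed-spki-" + n).encode() for n in NAMES}
HASHES = {n: spki_pin(der) for n, der in SPKI.items()}

# Pinsets and a subset of the entries quoted in comment 3.
PINSETS = {
    "tor": ["RapidSSL", "DigiCertEVRoot", "Tor1", "Tor2", "Tor3"],
    "tor2web": ["AlphaSSL_G2", "Tor2web"],
}
ENTRIES = [
    {"name": "tor2web.org", "include_subdomains": True, "pins": "tor2web"},
    {"name": "torproject.org", "mode": "force-https", "pins": "tor"},
    {"name": "blog.torproject.org", "include_subdomains": True,
     "mode": "force-https", "pins": "tor"},
]

def find_entry(host: str):
    """Walk from the full host name up through its parent domains.

    A parent entry applies only when it sets include_subdomains.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        for entry in ENTRIES:
            if entry["name"] == candidate and (
                    i == 0 or entry.get("include_subdomains", False)):
                return entry
    return None

def chain_ok(host: str, chain_spkis) -> bool:
    """True if the host is unpinned or any chain key matches its pinset."""
    entry = find_entry(host)
    if entry is None:
        return True  # no pin entry covers this host
    allowed = {HASHES[name] for name in PINSETS[entry["pins"]]}
    return any(spki_pin(der) in allowed for der in chain_spkis)
```

A chain passes when any one of its keys, leaf or CA, hashes to a value in the pinset, which is why the sets above mix CA names with the Tor keys.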
Assignee
Comment 4•10 years ago
Assignee
Updated•10 years ago
Attachment #8460506 - Flags: review?(mmc)
Reporter
Updated•10 years ago
Attachment #8460506 - Flags: review?(mmc) → review+
Assignee
Comment 5•10 years ago
Assignee
Comment 6•10 years ago
Roger Dingledine said it was OK to use the Chrome fingerprints during PETS 2014 in the hallway track.
Flags: needinfo?(mikeperry)
Assignee
Comment 7•10 years ago
Comment 8•10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34