subject:"\[tor\-bugs\] #20149 \[Applications\/Quality Assurance and Testing\]\: Test that static public key pins are working"

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

2018-08-18 Thread Tor Bug Tracker & Wiki

#20149: Test that static public key pins are working
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  enhancement  | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Major| Resolution:
 Keywords:  tbb-security, tls|  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by traumschule):

 * keywords:  tbb-security => tbb-security, tls


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

2016-09-19 Thread Tor Bug Tracker & Wiki

#20149: Test that static public key pins are working
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  enhancement  | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Major| Resolution:
 Keywords:  tbb-security |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:3 boklm]:
 > In 59782207d2e5976d11226496f3dec57917cc5962 I added a test that checks
 that key pinning on https://pinning-test.badssl.com/ is working. We are
 checking that the page fails to load, and that the error pages has
 `MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE` as `errorCode`.

 The above test looks OK to me.

 > We are checking that it is working at the current date. I think I can
 add an other test on Linux that uses libfaketime to check that it also
 works at a date 2 or 3 months in the future.

 That seems like a good idea. Should we also check, as part of our build
 process, that the timestamp in security/manager/ssl/StaticHPKPins.h is
 reasonable? I guess that would be a redundant check, but it might still be
 a good idea.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

2016-09-19 Thread Tor Bug Tracker & Wiki

#20149: Test that static public key pins are working
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  enhancement  | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Major| Resolution:
 Keywords:  tbb-security |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by mcs):

 * cc: brade, mcs (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

2016-09-19 Thread Tor Bug Tracker & Wiki

#20149: Test that static public key pins are working
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  enhancement  | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Major| Resolution:
 Keywords:  tbb-security |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 In 59782207d2e5976d11226496f3dec57917cc5962 I added a test that checks
 that key pinning on https://pinning-test.badssl.com/ is working. We are
 checking that the page fails to load, and that the error pages has
 `MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE` as `errorCode`.

 We are checking that it is working at the current date. I think I can add
 an other test on Linux that uses libfaketime to check that it also works
 at a date 2 or 3 months in the future.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

2016-09-16 Thread Tor Bug Tracker & Wiki

#20149: Test that static public key pins are working
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Major| Resolution:
 Keywords:  tbb-security |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * owner:  cypherpunks => boklm
 * status:  new => assigned


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

2016-09-16 Thread Tor Bug Tracker & Wiki

#20149: Test that static public key pins are working
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  enhancement  | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Major| Resolution:
 Keywords:  tbb-security |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * type:  defect => enhancement


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

2016-09-16 Thread Tor Bug Tracker & Wiki

#20149: Test that static public key pins are working
-+-
 Reporter:  gk   |  Owner:  cypherpunks
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance   |Version:
  and Testing|   Keywords:  tbb-
 Severity:  Major|  security
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 It might be smart to have a test for verifying that the static PKPs in
 Firefox are working. It seems to me we can use https://pinning-
 test.badssl.com for that.

 This seems especially worthwhile as the pinning woes are not over with the
 switch to ESR 45.4.0 yet. See:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1303127 for more details.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

Re: [tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

[tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working

7 matches

Site Navigation

Mail list logo

Footer information