#20180: Pin certificates for aus1.tpo and cdn.tpo
 Reporter:  gk                                   |          Owner:  tpa
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:  #19481                               |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by gk):

 Quoting yawning's comment:7:ticket:19481
  This shouldn't be done at all till it's possible to pin the cert chain
 for aus1.tpo over a prolonged period of time (not the rather short 3
 months imposed by the Let's Encrypt cert lifespan).

 WHile the scope of potential problems from not doing so should be limited
 to adversaries withholding updates (since the MARs are signed), that feels

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20180#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to