#3555: Pin *.torproject.org's certs in TBB --------------------------------------+-------------------------- Reporter: tagnaq | Owner: tbb-team Type: enhancement | Status: reopened Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-firefox-patch | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by cypherpunks): Replying to [comment:30 yawning]: > No. `aus1.torproject.org` is not pinned. Unless we don't care about just the alpha/hardened channels update metadata information. Indeed, and this sounds like mistakenly pinned/missed subdomains: [https://gitweb.torproject.org/tor- browser.git/tree/security/manager/ssl/StaticHPKPins.h?h=tor- browser-45.4.0esr-6.5-1#n1112 torproject.org] {{{"torproject.org", false, false, false, -1, &kPinset_tor}}}, doesn't include subdomains [https://gitweb.torproject.org/tor- browser.git/tree/security/manager/ssl/StaticHPKPins.h?h=tor- browser-45.4.0esr-6.5-1#n1149 www.torproject.org] {{{"www.torproject.org", true, false, false, -1, &kPinset_tor}}}, do include subdomains -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3555#comment:31> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs