Status

()

defect
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: mmc, Assigned: cviecco)

Tracking

(Blocks 1 bug)

unspecified
mozilla34
x86
macOS
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

This one uses lots of sha1 fingerprints, so we need to reach out and find the sha256 or pem equivalents.

https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json&l=50
I think Camilo said he was already in contact with these folks.
Assignee: nobody → cviecco
Monica here are the keys (given by them not verified by me) it was also suggested that Mike Perry would be the point of contact from tor ( Mike, thank Roger)
	contingency-key-2011-1.pem
	8ee371493bfd500366a42f6417918aa6658dc776  -
	6d8cfd2530e4f3d5f7aaeddf82cc06fa5050b28e6f2343757f4471e20a389cba  -

	contingency-key-2011-2.pem
	9626b8de53e897348f548ab7e03c39eee61c2c3f  -
	c570b1853767eeec579de2526d00aaa00bee5b766d425da90d54dfdac7b04bcc  -

	contingency-key-2011-3.pem
	af313240828e87bee3f3b9f96e3594360b9717c6  -
	0a5782d6ac1447c24f807d675ef49ed951f10dee7f29f36cf7a12eb1b7d239fa  -
Mike, if you just want to use the Tor pinset currently in use by Chrome, we can just turn it on. If not, Camilo should be the one to coordinate since he's already in touch with you and Roger.

This file contains all of the hashes:
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.certs&l=207

This file gives the domain -> hash mapping:
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json&l=50
    {
      "name": "tor",
      "static_spki_hashes": [
        "RapidSSL",
        "DigiCertEVRoot",
        "Tor1",
        "Tor2",
        "Tor3"
      ]
    },

{ "name": "tor2web",
      "static_spki_hashes": [
        "AlphaSSL_G2",
        "Tor2web"
      ]
},

    { "name": "tor2web.org", "include_subdomains": true, "pins": "tor2web" },
{ "name": "torproject.org", "mode": "force-https", "pins": "tor" },
    { "name": "blog.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },
    { "name": "check.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },
    { "name": "www.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },
    { "name": "dist.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" },

Thanks,
Monica
Flags: needinfo?(mikeperry)
Posted patch tor-pinningSplinter Review
Attachment #8460506 - Flags: review?(mmc)
Attachment #8460506 - Flags: review?(mmc) → review+
Rober Dingledine said it was OK to use the Chrome fingerprints during PETS 2014 in the hallway track.
Flags: needinfo?(mikeperry)
https://hg.mozilla.org/mozilla-central/rev/ff57d7141f3c
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
You need to log in before you can comment on or make changes to this bug.