Page MenuHomePhabricator

Certificate Authority (CA) Pinning for whonix.org
Closed, ResolvedPublic

Description

At the moment we are just as everyone else vulnerable to malicious certificate authorities issuing fraudulent SSL certificates.

CA pinning is in the works. References:

Not perfect, not only pinning the certificate fingerprint, still depending on two CA's but at least not on a massive amount of them.

Once done, we should apply for it.

Related:
T84

Details

Impact
Needs Triage

Event Timeline

JasonJAyalaP updated the task description. (Show Details)
JasonJAyalaP raised the priority of this task from to Needs Triage.
JasonJAyalaP triaged this task as Wishlist priority.
JasonJAyalaP added a subscriber: JasonJAyalaP.
Patrick set Impact to Needs Triage.
Patrick added a subscriber: HulaHoop.
Patrick updated the task description. (Show Details)Jul 9 2018, 7:19 AM
Patrick closed this task as Invalid.

Same as T84#14765.

Patrick changed the task status from Invalid to Resolved.Jul 14 2018, 12:02 PM

We have now a DNS Certification Authority Authorization (CAA) Policy.