Page MenuHomePhabricator
Create Task
Maniphest T66

Certificate Authority (CA) Pinning for whonix.org
Closed, ResolvedPublic
Actions

Description

At the moment we are just as everyone else vulnerable to malicious certificate authorities issuing fraudulent SSL certificates.

CA pinning is in the works. References:

Not perfect, not only pinning the certificate fingerprint, still depending on two CA's but at least not on a massive amount of them.

Once done, we should apply for it.

Related:
T84

Details

Impact
Needs Triage

Related Objects

Event Timeline

JasonJAyalaP created this task.Jan 13 2015, 9:47 PM
JasonJAyalaP raised the priority of this task from to Needs Triage.
JasonJAyalaP triaged this task as Wishlist priority.
JasonJAyalaP updated the task description. (Show Details)
JasonJAyalaP added projects: infrastructure, security, Whonix.
JasonJAyalaP added a subscriber: JasonJAyalaP.
Patrick added projects: website, research.Aug 28 2016, 8:05 PM
Patrick set Impact to Needs Triage.
Patrick added a subscriber: HulaHoop.
Herald added a subscriber: WhonixQubes. · View Herald TranscriptAug 28 2016, 8:05 PM
Patrick added subscribers: marmarek, entr0py, Ego.May 18 2017, 6:21 PM
Patrick closed this task as Invalid.Jul 9 2018, 7:19 AM
Patrick updated the task description. (Show Details)

Same as T84#14765.

Patrick changed the task status from Invalid to Resolved.Jul 14 2018, 12:02 PM

We have now a DNS Certification Authority Authorization (CAA) Policy.

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer