GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Issue #5789

Closed (moved)
Created May 06, 2012 by Trac@tracbot

Provide gpg-self-signed SSL certificate to enable meaningful certificate pinning

I suggest publishing a GPG-self-signed SSL certificate for the website, in order to enable meaningful certificate pinning.

To avoid forcing ignorant users to have to deal with warning messages for the self-signed certificate, the GPG-self-signed SSL version of the website would be published on a different port number, and so the standard SSL port number can continue to serve the SSL CA-signed (but therefore less trusted) content.

An attacker on Tor users in a country may succeed simply by modifying web site documentation (via on-the-fly certificate rewriting) to give the wrong advice. It matters little then that the software itself is GPG-signed.

For a website example, the https://dev.mutt.org/trac/ website utilizes a GPG-self-signed SSL certificate (but doesn't provide a CA-signed certificate). See description on that page.

Trac:
Username: vinsci
