On 27 January 2016 at 03:30, Linus Nordberg linus@torproject.org wrote:
Hi,
As part of working on the CT Gossip draft [0] I find myself thinking about local trust anchors and how they might change browser behaviours.
My understanding is that Tor Browser behaves like Firefox wrt locally added CA certs. If that's correct, do you know if FF treats pinning the way the "What Is HPKP For?" post [1] describes it?
AFAIK no changes have been made to the TLS stack or local trust roots except disabling session resumption, and enabling TLS 1.2 by default (which I think FF has finally caught up with TBB). So yes, if one added a local root to TBB it would override pinning. However, neither add-ons nor locally added roots seem to survive "New Identity". I think it's unlikely many TBB users have locally installed roots, considering they'd have to re-add them all the time.
In the past I have advocated for both curating the Trust Store more aggressively, and experimenting with TLS stack changes, but the problems there are the political concerns that come with running your own Trust Store and maintaining the stack changes.
Another question that I find interesting is if TB could do better regarding fingerprintability based on what TLS session the browser accepts.
I'm not sure what you mean here, could you elaborate?
-tom