torbrowser-launcher icon indicating copy to clipboard operation
torbrowser-launcher copied to clipboard

Published 20 hours ago verified publisher icon torproject

Add a "Report" button when detecting a possible MITM attack

Open micahflee opened this issue 12 years ago • 2 comments

invalid_sig

When a signature verification fails, and maybe in other situations like when the certificate served by https://www.torproject.org/ isn't valid, it should offer a button to report this back to Tor. I'm open to suggestions on what this button will do.

micahflee avatar Feb 18 '13 20:02 micahflee

If the Tor network is available, I'd suggest you post to https://trac.torproject.org/ and open a bug report as cypherpunks.

If the Tor network is not available, I'd suggest a user is prompted to manually report the bug and is presented with a text file containing the data.

Alternatively, we can try the bug reporting systems on Debian and Ubuntu.

ioerror avatar Feb 18 '13 20:02 ioerror

I think the reporting functionality should not just appear for bad signature verification, but also for bad SSL certificate pinning (#1).

micahflee avatar May 21 '13 18:05 micahflee