torbrowser-launcher
torbrowser-launcher copied to clipboard
Feature request: check whether the signing key has expired **when a release is signed**
Currently torbrowser-launcher
will make sure that the subkey used to sign the newest tor browser release doesn't expire, otherwise it will raise an error "SIGNATURE VERIFICATION FAILED! Error Code: ...: Key expired". However, sometimes when tor developers signed the then newest release, the subkey hadn't expire yet, but several days later the key expired. If there hadn't been a new tor browser release signed with a new key, then torbrowser-launcher
would continuously throw the "SIGNATURE VERIFICATION FAILED" error, despite the fact that the release downloaded was the latest one and signed (See https://github.com/micahflee/torbrowser-launcher/issues/562#issuecomment-860165601).
This behavior has caused much confusion and inconvenience (e.g., see #563, #562, #561, #559, #557, #556, #550, #548).
To address this issue, I think torbrowser-launcher
should check whether the signing key has expired when a release is signed rather than merely check whether the signing key has expired. Nevertheless, if the signing key has expired before the signature is made, torbrowser-launcher
should always throw an error.
To prevent downgrade attack, torbrowser-launcher
can use other methods to ensure that the signature downloaded is indeed for the latest tor browser release; or torbrowser-launcher
can display a warning but not an error, providing the user with the choice to proceed after manually verifying that the downloaded tor browser is the latest one.