Re: [Tails-dev] TAILS (Tor Linux distribution) contains extr…

Delete this message

Reply to this message
Autore: Alessandro Grassi
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?
Hi,

2013/10/17, Anonymous Remailer (austria) <mixmaster@???>:
>
> I have a question:
>
> Tor Browser Bundle - Firefox ESR 17.0.9 (LATEST TOR)
> Compared to: Iceweasel 17.0.9 (LATEST TAILS Linux distribution)
>
> To be found in Tails (not found in TBB), some additional certificates:
>
> DigiCert Inc -> DigiCert High Assurance EV CA-1
> DigiCert Inc -> DigiCert High Assurance CA3
> GeoTrust Inc. -> Google Internet Authority G2
> StartCom Ltd. -> StartCom Class 2 Primary Intermediate Server CA
> The Go Daddy Group, Inc -> Go Daddy Secure Certification Authority
> The USERTRUST Network -> Gandi Standard SSL CA
>
> All these are listed as "Software Security Device" certificaties.
> The others are "Builtin Object Token" and baked in the browser.
>
> Mozilla's documentation explains about "Software Security Devices":
>
> "Software Security Device stores your certificates and keys that aren't
> stored on external security devices, including any CA certificates that you
> may have installed in addition to those that come with the browser. "
>
> https://www.mozilla.org/projects/security/pki/psm/help_21/using_certs_help.html
>
> Question is: did TAILS added some extra CA's ?
>
>
> _______________________________________________
> tails-dev mailing list
> tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
>


I've got all of those (and more listed as "Software Security Device")
in Iceweasel on my regular Debian system. Likely, either Debian adds
such certificates to upstream Firefox, or TorProject removes them when
they build TorBrowser

Alessandro