Re: [Tails-dev] TAILS (Tor Linux distribution) contains extr…

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Para: tails-dev, tor-talk, mixmaster
Assunto: Re: [Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?
Hi,

Anonymous Remailer (austria) wrote (17 Oct 2013 17:58:39 GMT) :
> I have a question:


@OP: first, it seems you have cross-posted this to at least tor-talk,
tails-dev and Full-Disclosure, without making it clear with an
explicit Cc:. This will painfully lead to various unlinked discussions
and will be a mess for us to address this question. So, please don't
do that next time, thanks in advance :)

I'm setting I-R-T and References headers to at least avoid breaking
the thread on tor-talk and tails-dev.

> Tor Browser Bundle - Firefox ESR 17.0.9 (LATEST TOR)
> Compared to: Iceweasel 17.0.9 (LATEST TAILS Linux distribution)


> To be found in Tails (not found in TBB), some additional certificates:


Thanks for carefully auditing this aspect of Tails.

> DigiCert Inc -> DigiCert High Assurance EV CA-1
> DigiCert Inc -> DigiCert High Assurance CA3
> GeoTrust Inc. -> Google Internet Authority G2
> StartCom Ltd. -> StartCom Class 2 Primary Intermediate Server CA
> The Go Daddy Group, Inc -> Go Daddy Secure Certification Authority
> The USERTRUST Network -> Gandi Standard SSL CA
>
> All these are listed as "Software Security Device" certificaties.
> The others are "Builtin Object Token" and baked in the browser.


Tails ships NSS 2:3.14.3-1~bpo60+1 from Debian squeeze-backports.

If you are interested in investigating this any further, next step is
to compare with the version of NSS that is shipped by (or linked into,
or something) the TBB.

> Question is: did TAILS added some extra CA's ?


No, we don't add any CA to Tails.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc