Re: [tor-bugs] #11183 [Pluggable transport]: Make an HTTP requestor Firefox extension for meek-client



#11183: Make an HTTP requestor Firefox extension for meek-client
-------------------------------------+----------------------
     Reporter:  dcf                  |      Owner:  dcf
         Type:  project              |     Status:  assigned
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:  meek
Actual Points:                       |  Parent ID:  #10935
       Points:                       |
-------------------------------------+----------------------

Comment (by gk):

 Replying to [comment:6 dcf]:
 > The 5069a3ee Tor Browser patch has a reason for existing, though, so we
 > shouldn't simply undo it. It's meant to guard against unexpected DNS leaks
 > in Firefox and extensions. I've thought of two potential ways to deal with
 > the situation:
 >  1. Make a special API or key that allows DNS lookups by a "direct" type
 >  proxy, while still prohibiting it from all other callers. Maybe the key is
 >  mere use of the "direct" type; maybe it's a magic string in the host
 >  field, or something like that.
 >  2. Run a second copy of Firefox solely for making meek HTTP requests.
 >  The second browser would have network.proxy.socks_remote_dns=false, which
 >  setting is enough to disable the Tor Browser patch that breaks name
 >  lookups.

 There is a third option on the horizon for bundles shipping a Tor Browser
 based on ESR 31: Mozilla fixed the WebSocket DNS leak
 (https://bugzilla.mozilla.org/show_bug.cgi?id=751465) which caused the
 defense-in-depth AND there will probably be a way to write tests that
 detect DNS leaks (https://bugzilla.mozilla.org/show_bug.cgi?id=971153).
 Thus, we could think about dropping the current patch that prevents your
 original idea from working while not throwing the defense-in-depth we
 currently have away for nothing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11183#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs