[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #2160 [EFF-HTTPS Everywhere]: Document rule review process

To: undisclosed-recipients:;
Subject: [tor-bugs] #2160 [EFF-HTTPS Everywhere]: Document rule review process
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 06 Nov 2010 04:34:46 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 06 Nov 2010 00:34:56 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2160: Document rule review process
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |       Owner:  schoen
     Type:  enhancement           |      Status:  new   
 Priority:  major                 |   Milestone:        
Component:  EFF-HTTPS Everywhere  |     Version:        
 Keywords:                        |      Parent:        
----------------------------------+-----------------------------------------
 We need to publicly document our rule review process in the rule
 development howto. The document should be written to be read by rule
 authors as well as rule set administrators/reviewers. It should describe
 both common pitfalls in rule authorship, as well as potential vectors for
 malicious rules, and examples of each.

 To motivate this, it should also briefly define an adversary model. As far
 as I am aware, the two classes of adversaries we face are network
 adversaries that exploit poorly written existing rules, and rule author
 adversaries that try to subtly smuggle malicious rewrite rules into
 rulesets for purposes of MITM/phishing.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2160>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #2160 [EFF-HTTPS Everywhere]: Document rule review process
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #2159 [EFF-HTTPS Everywhere]: Improved rule interface
Next by Author: [tor-bugs] #2161 [EFF-HTTPS Everywhere]: Allow subscription to external rule feeds
Previous by thread: Re: [tor-bugs] #2159 [EFF-HTTPS Everywhere]: Improved rule interface
Next by thread: Re: [tor-bugs] #2160 [EFF-HTTPS Everywhere]: Document rule review process
Index(es):
- Author
- Thread