
Re: [tor-bugs] #7454 [EFF-HTTPS Everywhere]: Active rules list doesn't indicate effects of securecookie if no URL rewrite took place



#7454: Active rules list doesn't indicate effects of securecookie if no URL
rewrite took place
----------------------------------+-----------------------------------------
 Reporter:  schoen                |          Owner:  pde     
     Type:  defect                |         Status:  accepted
 Priority:  normal                |      Milestone:          
Component:  EFF-HTTPS Everywhere  |        Version:          
 Keywords:                        |         Parent:          
   Points:                        |   Actualpoints:          
----------------------------------+-----------------------------------------
Changes (by pde):

  * status:  new => accepted


Comment:

 The code that implements the <securecookie> element
 [https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/chrome/content/code/HTTPSRules.js#l546 does try to display this fact]
 in the context menu.  The problem is that it
 only happens when the cookie is first secured.  There may be no later
 indication that a cookie in the page was secured by HTTPS Everywhere if
 HTTPS Everywhere has nothing else to change in that page, and there may be
 no indication that a cookie is ''missing'' from an HTTP page because of a
 past securecookie intervention.  I think these are probably fixable,
 though it will be tricky work.

 It is also the case that disabling a ruleset won't go and ''remove'' the
 securecookie flag from all of the cookies it was set on, since that
 operation itself could potentially cause insecurity.  Although
 perhaps it's the lesser of two evils...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7454#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
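
The behaviour described in the comment above, as an added example that is not part of the ticket and is not HTTPS Everywhere's code: a small model in which an event-driven rules list sees a securecookie action only on the load where the flag is set, next to a list derived from stored state. The ruleset, the host, and all function names are constructed for illustration.

```javascript
// Simplified model constructed for illustration; every name here is hypothetical.
const RULESETS = [{
  name: "Example",
  securecookie: [{ host: /^www\.example\.com$/, name: /^session$/ }],
}];

function createBrowser(rulesets) {
  const jar = new Map();       // "host|name" -> { host, name, secure }
  const securedBy = new Map(); // "host|name" -> ruleset that set the Secure flag

  function storeCookie(host, name, secure) {
    const key = `${host}|${name}`;
    const cookie = { host, name, secure };
    securedBy.delete(key);     // a fresh Set-Cookie replaces any earlier record
    const applied = [];
    for (const rs of rulesets) {
      const hit = rs.securecookie.some(r => r.host.test(host) && r.name.test(name));
      if (hit && !cookie.secure) {
        cookie.secure = true;
        securedBy.set(key, rs.name);
        applied.push(rs.name);
      }
    }
    jar.set(key, cookie);
    return applied;            // what an event-driven list sees, once
  }

  // One page load: which cookies the request carries, and which rulesets
  // an event-driven "active rules" list would show for this load.
  function loadPage(scheme, host, setCookies = []) {
    const sent = [...jar.values()]
      .filter(c => c.host === host && (scheme === "https" || !c.secure))
      .map(c => c.name);
    const eventList = setCookies.flatMap(c => storeCookie(host, c.name, c.secure));
    return { sent, eventList };
  }

  // State-derived list: cookies for this host that a ruleset secured earlier,
  // marked as withheld when the current page is plain HTTP.
  function stateList(scheme, host) {
    return [...jar.entries()]
      .filter(([key, c]) => c.host === host && securedBy.has(key))
      .map(([key, c]) => ({
        cookie: c.name, ruleset: securedBy.get(key), withheld: scheme === "http",
      }));
  }
  return { loadPage, stateList };
}
```
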