[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
From: Mix+TB Test <mix.tb@xxxxxxxxxx>
Date: Mon, 07 May 2012 11:42:06 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 07 May 2012 07:50:38 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1336390945; bh=KOAALtd8nb2kxUQZ4WRsqZr0UKgXea+RBxeYHjMS1LQ=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=p/ifAFv7aW8WSxB6/cfetRKE4CNEpcqhBzo+cizsVoi+NLxp9s+1AhBP5yPCFUqqm sVmI0kxOB7wCQTvTJj1wl6eBnAKRlCIZd7ql3b/ddvbj6QMFRKLr+QEvhjOVmd8vXo lN/qT3wR61t26nkDvDdUbwYyTu3PCmOTs07IxkDU=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1336390945; bh=KOAALtd8nb2kxUQZ4WRsqZr0UKgXea+RBxeYHjMS1LQ=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=p/ifAFv7aW8WSxB6/cfetRKE4CNEpcqhBzo+cizsVoi+NLxp9s+1AhBP5yPCFUqqm sVmI0kxOB7wCQTvTJj1wl6eBnAKRlCIZd7ql3b/ddvbj6QMFRKLr+QEvhjOVmd8vXo lN/qT3wR61t26nkDvDdUbwYyTu3PCmOTs07IxkDU=
In-reply-to: <CADtjFvXkcs9NFdDupsyggMNrUQQq+1==AzWfkrgcK8Rp3HNHVw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4FA52658.9020408@xxxxxxxxxxxxx> <4FA5D959.4010902@xxxxxxxxxx> <4FA6833B.4050504@xxxxxxxxxxxxx> <4FA78FAC.9060804@xxxxxxxxxx> <CADtjFvXkcs9NFdDupsyggMNrUQQq+1==AzWfkrgcK8Rp3HNHVw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Sukhbir Singh wrote:
>> I didn't see the Message ID as harmful, but I'm more than happy to be
>> educated on this front. I do see the timezone leakage as a problem.
> 
> The Message-ID used by Thunderbird consists of two parts: the Unix
> timestamp in hexadecimal format (which matches the time in the 'Date'
> header) and a random number, the former being the reason why the
> message-ID is considered 'harmful'. tagnaq's paper [0] discusses this
> and proposes a time independent message-ID for Thunderbird.
> 
> [0] - https://trac.torproject.org/projects/tor/attachment/wiki/doc/TorifyHOWTO/EMail/Thunderbird/Thunderbird%2BTor.pdf

Thanks for the info. I'll have a good read through this over the next
few days.

>> had a look through Thunderbird's settings and can't see anything to
>> indicate that this is stored within the settings so I imagine that this
>> comes from system. If it's controlled through the environment then it
>> may be able to be set before running, again maybe through a TBB style
>> startup.
> 
> Yes, there is no way to change this using the configuration settings.
> It is possible to do this by setting the 'TZ' environment variable
> [1], however that introduces a new problem: Thunderbird then uses UTC
> as the dates on emails also and this may confuse/ irritate the users.
> 
> We are currently working on the date and the message-ID issue.
> 
> [1] - https://www.torproject.org/torbutton/torbutton-faq.html.en#securityissues

Trying this now just to see what it looks like.

>> My only other immediate concern is how Thunderbird identifies itself to
>> the SMTP server during the EHLO. Claws mail provides a dialogue to show
>> what it's doing, and also allows you to specify what it is that is
>> reported to the other end. I'm not sure what Thunderbird says, but it's
>> likely that it is the local hostname.
> 
> This has been taken care of, 'mail.smtpserver.default.hello_argument'
> is set to '127.0.0.1' to prevent hostname leaks.

Awesome.

> Thanks for helping us test this out.

Happy to help.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
  - From: Jacob Appelbaum
- Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
  - From: Mix+TB Test
- Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
  - From: Jacob Appelbaum
- Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
  - From: Mix+TB Test
- Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
  - From: Sukhbir Singh

Prev by Author: Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Next by Author: Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Previous by thread: Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Next by thread: Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Index(es):
- Author
- Thread