[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6314 [TorBirdy]: prevent leak via Date header field (local timestamp disclosure)



#6314: prevent leak via Date header field (local timestamp disclosure)
--------------------------+----------------------
     Reporter:  tagnaq    |      Owner:  ioerror
         Type:  defect    |     Status:  new
     Priority:  major     |  Milestone:
    Component:  TorBirdy  |    Version:
   Resolution:            |   Keywords:  SponsorT
Actual Points:            |  Parent ID:  #9131
       Points:            |
--------------------------+----------------------

Comment (by saint):

 Replying to [comment:13 sukhbir]:


 > I also personally think that removing the date entirely is not a good
 idea -- it will likely break things and even if it doesn't for the cases
 we test with, getting such a patch accepted is going to be very difficult.


 Yes, it seems like this option is holding up patch acceptance.  I read the
 bug reports after hearing it referenced as a GSoC project. =)


 > ... and set hh:mm:ss to 00:00:00 or randomize it.

 These are both decent options for enhancing location anonymity, but have
 negative effects on conversations since it affects email sequence.

 Perhaps detect local time and adjust to UTC? e.g. it's 11:45 EST my time,
 but the sent message would read as 4:45 UTC.  Or defer to a server for
 time information (tlsdate style)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6314#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs