[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #21237 [Core Tor/Tor]: Support domain isolation for onion connections too?

Subject: [tor-bugs] #21237 [Core Tor/Tor]: Support domain isolation for onion connections too?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 17 Jan 2017 09:15:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Jan 2017 04:16:01 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21237: Support domain isolation for onion connections too?
------------------------------+------------------------------
     Reporter:  arma          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: unspecified
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------
 Right now there's a timing channel leak between isolation domains, where
 one isolation domain can get some hints about whether I've been to a
 certain onion domain lately, because if I have (and I have a cached onion
 descriptor, and/or an open rendezvous circuit) then it will load faster.

 If we tagged intro and rendezvous circuits with their socks isolation
 domains, and we tagged cached onion descriptors with their socks isolation
 domains, then we could remove this timing channel -- but at the cost of a
 bunch more work and delays for connections that are already high-work and
 high-delay.

 I'm not sure if it's worth it on the Tor side, especially since this is
 just a timing channel. But I bet somewhere out there are Tor Browser users
 who are expecting the tab isolation to work, and I fear that it doesn't
 (fully) when it comes to onion services.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21237>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #21237 [Core Tor/Tor]: Support domain isolation for onion connections too?
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #21237 [Core Tor/Tor]: Support domain isolation for onion connections too?
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #21237 [Core Tor/Tor]: Support domain isolation for onion connections too?
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #21243 [Applications/Tor Browser]: Tor Browser: Add links for pt, es, fr manuals
Next by Author: Re: [tor-bugs] #21166 [Metrics/Atlas]: Missing equal sign in the router template
Previous by thread: Re: [tor-bugs] #20214 [Applications/Tor Browser]: Ultrasound Cross Device Tracking techniques could be used to launch deanonymization attacks against some users
Next by thread: Re: [tor-bugs] #21237 [Core Tor/Tor]: Support domain isolation for onion connections too?
Index(es):
- Author
- Thread