[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #19366 [Applications/Tor Browser]: torbrowser stream isolation considers domain:443 different from domain:444
#19366: torbrowser stream isolation considers domain:443 different from domain:444
--------------------------------------+----------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: worksforme
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+----------------------------
Changes (by yawning):
* status: new => closed
* resolution: => worksforme
Comment:
Tor Browser does not isolate base on ports. The `IsolateDestPort` option
is *not* set, and the domain isolator doesn't look at the port at all when
it generates/retrieves the auth based isolation nonce.
Eg: `example.com` via http and https use the same circuit.
The only thing I can think of that's happening is that you really do
happen to mean "port 800" which isn't a commonly allowed destination port.
If you used an Exit that allows port 80, but does not allow port 800, then
the tor daemon has no choice but to create a new circuit with a more
suitable Exit for the 2nd request.
This is totally orthogonal to isolation (which should be/is doing the
right thing), and boils down to Tor Browser not being clairvoyant.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19366#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs