[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Torbirdy
Hi mujnabed,
> I wanted to clarify my understanding of the current status of the project.
> The project requires resolving two issues related to location anonymity
> weakening due to local timestamp leakage specifically in the MessageID &
> Date header fields.
Thanks for your interest in Tor and TorBirdy!
> From reading issues #6314, #6315 mentioned and the patch requests submitted
> for bugs #902573 and #902580 at bugzilla.mozilla.org, It seems that the
> current hold up by Mozilla to accepting the patch request are:
> 1. Establishing how well Thunderbird & other mail clients handle the date
> not being inserted by the sender in the mail header
> 2. Finding which MTA/MSA's automatically insert date headers on their own
> and if most/all don't, finding a workaround to that. Gmai, Mail.com, Gmx,
> Yandex and the now dead Lavabit had been tested successfully for automatic
> date header insertion
This was the idea when the patches were submitted but in later
discussions, we decided that removing the date header completely was not
a good idea and would break things, not only in Thunderbird but in other
MUAs. Also, convincing Mozilla to get such a patch accepted is likely
going to be difficult.
The exact specifics can be discussed later, but as mentioned in #902573,
this option looks most suitable:
Keep the Date header and ensure it is in UTC (eg: allow some clock
disclosure but not time zone to network)
> 3. And using extension hooks with explicit calls instead of checking user
> set configurations flags for removing timestamp data from header. This it's
> suggested will allow better handling of messages received/sent in the
> background by Thunderbird.
Yes, that's correct. Figuring out how to do this and doing it properly
is the only blocker. We already have code ready for generating random
message-IDs (which could also use some work but that is for later) which
is called using the preferences system, which is what you are going to
be replacing.
Let me know if you have any more questions. It would also be helpful to
read https://bugzilla.mozilla.org/show_bug.cgi?id=776397, which was the
original ticket we submitted.
--
Sukhbir
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev