[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17965 [Applications/Tor Browser]: Isolate HPKP and HSTS to url bar domain
#17965: Isolate HPKP and HSTS to url bar domain
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: tbb-
| team
Type: defect | Status:
| needs_review
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-linkability, | Actual Points:
TorBrowserTeam201704R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
I applied the patches to `tor-browser-52.1.0esr-7.0-2`. Compiling on all
three platforms works. Testing and looking at the resulting
`SiteSecurityServiceState.txt` does not show any difference (e.g. domain
isolation key or something) to "normal" `SiteSecurityServiceState.txt`
files. Not sure if that is intended or not but that's a thing to keep in
mind during a proper review. (My assumption was that there actually should
be such a key saved. How else would code running in a new session know
which domain those entries were keyed to?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17965#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs