[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17965 [Applications/Tor Browser]: Isolate HPKP and HSTS to url bar domain

Subject: Re: [tor-bugs] #17965 [Applications/Tor Browser]: Isolate HPKP and HSTS to url bar domain
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 28 Apr 2017 07:46:26 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 28 Apr 2017 03:46:37 -0400
In-reply-to: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17965: Isolate HPKP and HSTS to url bar domain
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-linkability,                     |  Actual Points:
  TorBrowserTeam201704R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 I applied the patches to `tor-browser-52.1.0esr-7.0-2`. Compiling on all
 three platforms works. Testing and looking at the resulting
 `SiteSecurityServiceState.txt` does not show any difference (e.g. domain
 isolation key or something) to "normal" `SiteSecurityServiceState.txt`
 files. Not sure if that is intended or not but that's a thing to keep in
 mind during a proper review. (My assumption was that there actually should
 be such a key saved. How else would code running in a new session know
 which domain those entries were keyed to?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17965#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #21885 [Applications/Tor Browser]: SVG is not disabled in Tor Browser based on ESR52
Next by Author: Re: [tor-bugs] #22015 [User Experience]: Migrate the existing Comments, Users, Taxonomy Terms, and Blog posts from Drupal 5 to Drupal 8.
Previous by thread: Re: [tor-bugs] #17965 [Applications/Tor Browser]: Isolate HPKP and HSTS to url bar domain
Next by thread: [tor-bugs] #22085 [Core Tor/Tor]: Refactor and simplify compression tests
Index(es):
- Author
- Thread