[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17252 [Applications/Tor Browser]: Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them



#17252: Confirm TLS session resumption/ID are isolated to the URL bar domain, and
re-enable them
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-linkability, ff60-esr, tbb-      |  Actual Points:
  performance, TorBrowserTeam201808R             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by arthuredelstein):

 * keywords:  tbb-linkability, ff60-esr, tbb-performance,
     TorBrowserTeam201808 => tbb-linkability, ff60-esr, tbb-performance,
     TorBrowserTeam201808R


Comment:

 Jonathan Hao at Mozilla implemented FPI (OriginAttribute isolation) of
 session identifiers and session tickets in https://hg.mozilla.org/mozilla-
 central/rev/9aba8184664d. That patch includes unit tests to show that
 isolation is effective when "privacy.firstparty.isolate" is enabled.

 I also reviewed the code to understand it better:

 Each session ticket or session identifier is stored in an instance of the
 same `sslSessionID` struct:
 https://dxr.mozilla.org/mozilla-
 esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/nss/lib/ssl/sslimpl.h#462

 `sslSessionID` instances are stored in the session cache, keyed by a
 `peerID` string:
 https://dxr.mozilla.org/mozilla-
 esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/nss/lib/ssl/sslnonce.c#285

 The security manager sets the `peerID` string to include OriginAttributes
 suffix from the socket:
 https://dxr.mozilla.org/mozilla-
 esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/manager/ssl/nsNSSIOLayer.cpp#2709

 Therefore we can be confident that session tickets/identifiers are
 isolated by first party. So here's my patch for review:

 https://github.com/arthuredelstein/tor-browser/commit/17252

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17252#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs