[tor-bugs] #14059 [Tor Browser]: Revision of existing double key cookie logic to meet requirements
#14059: Revision of existing double key cookie logic to meet requirements
-------------------------+--------------------------
Reporter: michael | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Actual Points:
Parent ID: #3246 | Points:
-------------------------+--------------------------
Revise logic from #14058 to meet requirements implied in the #3246 mother
bug and TBB online development meetings.
Complete implementation of what is termed ''double keying'' as both 1st
party hostname and 3rd party hostname are stored and conditionally used
when constructing the ''Cookie'' HTTP header.
----
= Nonfunctional requirements =
== Adaption to common use cases ==
Common browsing use cases involving cookies must be supported while
protecting against cross-domain tracking violations.
== Allow granular cookie inspection ==
Fine grained cookie inspection must be enabled through new design of a
user interface indexing either 1st or 3rd party URI contexts. This
requirement does not specify the UI itself.
----
= Functional requirements =
== 3rd party cookie storage ==
3rd party cookies are stored under the usual conditions, according to the
''Set-Cookie'' HTTP header (RFC 6265). Their storage structure enables 1st
party association as a new measure.
== 3rd party cookie retrieval ==
3rd party cookies are revealed according to host domain matching (RFC
6265) of 1st party URI contexts. This change mitigates the problem of
identification across independent domains.
== Legacy cookie behaviour ==
New 3rd party isolation must not depend on legacy cookie behaviour
configuration '''(network.cookie.cookieBehavior)'''.
== Conditional operation ==
Double keyed cookie logic only influences runtime according to the
configuration value '''(privacy.thirdparty.isolate)'''.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14059>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
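
A minimal sketch of the storage, retrieval and conditional operation requirements in the ticket above, added here as an illustration and not taken from the ticket or from Tor Browser's code. The class and function names are hypothetical, the hosts are constructed, and comparing the 1st party key with RFC 6265 domain matching is one reading of the retrieval requirement.

```javascript
// Added illustration; all names are hypothetical, not Tor Browser code.
// RFC 6265 section 5.1.3 domain-match (the IP-address exception is omitted).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

class DoubleKeyedJar {
  constructor(isolate) {
    this.isolate = isolate; // models the privacy.thirdparty.isolate setting
    this.cookies = [];      // entries: {firstParty, domain, name, value}
  }

  // Store as Set-Cookie would, additionally recording the 1st party host.
  // With isolation off the 1st party key is empty, so there is one shared jar.
  set(firstParty, domain, name, value) {
    const key = this.isolate ? firstParty : "";
    this.cookies = this.cookies.filter(
      c => !(c.firstParty === key && c.domain === domain && c.name === name));
    this.cookies.push({ firstParty: key, domain, name, value });
  }

  // Build the Cookie header value for a request to requestHost issued while
  // firstParty is the top-level (URL bar) host.
  header(firstParty, requestHost) {
    return this.cookies
      .filter(c => domainMatch(requestHost, c.domain))
      .filter(c => !this.isolate || domainMatch(firstParty, c.firstParty))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Constructed scenario: one tracker embedded on two unrelated 1st parties.
function demo(isolate) {
  const jar = new DoubleKeyedJar(isolate);
  jar.set("news.example", "tracker.example", "id", "A");
  jar.set("shop.example", "tracker.example", "id", "B");
  return {
    news: jar.header("news.example", "cdn.tracker.example"),
    shop: jar.header("shop.example", "tracker.example"),
    other: jar.header("blog.example", "tracker.example"),
  };
}
```

With isolation on, the tracker sees a different identifier under each 1st party and none under a site where it never set one; with isolation off, the single shared identifier is sent everywhere.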