Re: [tor-bugs] #21418 [Applications/Tor Browser]: New Tor Browser http response header, for high security websites
#21418: New Tor Browser http response header, for high security websites
--------------------------------------+--------------------------
Reporter: micahlee | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
Is a header the right choice for this? On the surface, I kind of like the
ability for a website to opt-in to stricter security controls but the
threat model is odd.
If it's an HTTP header that applies per-request, the attacker has hacked
the server or the network, but not completely, otherwise they could remove
or disable the header.
If it's some sort of persistent mechanism (for example: an HTTP header that
gets remembered with max-age) then we're presuming the HTTP server is
trustable at one point in time and then gets compromised later.
That second one seems a lot more reasonable to me than just a per-response
header.
It does, however, introduce the state problem - you don't actually want to
remember state in Tor Browser so we would have to solve that problem.
I would note that this really applies more for the other features of the
Tor Browser security slider than JavaScript. You can effectively disable
JavaScript entirely using Content Security Policy, which _is_ a per-response
header that Tor Browser already supports.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21418#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
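The two opt-in models the comment contrasts, as an added simulation that is not code from the ticket, from tom, or from Tor Browser. `scripts_blocked` applies the real Content-Security-Policy fallback rule (script-src, else default-src, with 'none' blocking everything); the persistent part assumes a hypothetical header named `X-Tor-Security-Level` with `level=...; max-age=...` syntax, since the ticket names no header, and models it HSTS-style (remembered per origin until expiry, `max-age=0` forgets). The origin and the responses are constructed inputs.

```python
"""Per-response CSP versus a remembered opt-in header (constructed simulation)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumption: the ticket proposes a new header but does not name one.
HYPOTHETICAL_HEADER = "X-Tor-Security-Level"


def parse_csp(header_value: str) -> Dict[str, List[str]]:
    """Parse a CSP header value into {directive-name: [source expressions]}.

    Directives are ';'-separated; the first token is the name (case-insensitive).
    Per the CSP spec a duplicated directive name is ignored: the first one wins.
    """
    policy: Dict[str, List[str]] = {}
    for directive in header_value.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def scripts_blocked(headers: Dict[str, str]) -> bool:
    """True if this single response forbids all script execution via CSP.

    script-src falls back to default-src when absent. A response with no CSP
    header at all runs scripts, which is exactly what a server-side attacker
    gets by stripping the header: per-response opt-in has no memory.
    """
    csp = headers.get("Content-Security-Policy")
    if csp is None:
        return False
    policy = parse_csp(csp)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return False
    return [s.strip("'").lower() for s in sources] == ["none"]


@dataclass
class PersistentOptIn:
    """Browser-side memory of a sticky opt-in header (hypothetical), HSTS-style.

    store maps origin -> (level, expiry time). This dictionary IS the 'state'
    the comment says Tor Browser would rather not keep.
    """
    store: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def observe(self, origin: str, headers: Dict[str, str], now: float) -> None:
        """Update memory from one response. A missing header changes nothing,
        so a later compromised response cannot silently downgrade the origin."""
        value = headers.get(HYPOTHETICAL_HEADER)
        if value is None:
            return
        level: Optional[str] = None
        max_age: Optional[int] = None
        for part in value.split(";"):
            key, _, val = part.strip().partition("=")
            key = key.strip().lower()
            if key == "level":
                level = val.strip().lower()
            elif key == "max-age":
                try:
                    max_age = int(val.strip())
                except ValueError:
                    return  # malformed: ignore the whole header, keep old state
        if level is None or max_age is None:
            return
        if max_age == 0:
            self.store.pop(origin, None)  # like HSTS max-age=0: forget the origin
            return
        self.store[origin] = (level, now + max_age)

    def level(self, origin: str, now: float) -> Optional[str]:
        """Remembered level for origin, or None once it has expired."""
        entry = self.store.get(origin)
        if entry is None:
            return None
        lvl, expiry = entry
        if now >= expiry:
            del self.store[origin]
            return None
        return lvl


def simulate() -> Dict[str, object]:
    """Trusted response at t=0, attacker-controlled response afterwards."""
    origin = "https://example.onion"  # constructed
    trusted = {
        "Content-Security-Policy": "script-src 'none'",
        HYPOTHETICAL_HEADER: "level=safest; max-age=86400",
    }
    compromised: Dict[str, str] = {}  # attacker stripped both headers
    store = PersistentOptIn()
    store.observe(origin, trusted, now=0)
    store.observe(origin, compromised, now=3600)
    return {
        "csp_trusted_blocks": scripts_blocked(trusted),        # True
        "csp_compromised_blocks": scripts_blocked(compromised),  # False: header gone
        "sticky_after_compromise": store.level(origin, 3600),    # 'safest' still held
        "sticky_after_expiry": store.level(origin, 90000),       # None: state aged out
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The per-response check shows why CSP alone only protects against an attacker who cannot edit responses; the store shows the trade the comment describes: protection survives a later compromise for the lifetime of `max-age`, at the cost of keeping a per-origin record in the browser.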
tor-bugs mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs