[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain

Subject: Re: [tor-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 18 Jan 2016 06:50:24 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 18 Jan 2016 01:50:37 -0500
In-reply-to: <049.8c66fc3ef1132fbc956b2bb5c66f2973@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.8c66fc3ef1132fbc956b2bb5c66f2973@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17965: Isolate HPKP pinning to url bar domain
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  High                                 |         Status:
Component:  Tor Browser                          |  needs_review
 Severity:  Normal                               |      Milestone:
 Keywords:  tbb-linkability,                     |        Version:
  TorBrowserTeam201601R                          |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------
Changes (by arthuredelstein):

 * status:  assigned => needs_review
 * keywords:  tbb-linkability, TorBrowserTeam201601 => tbb-linkability,
     TorBrowserTeam201601R


Comment:

 Here is a branch that isolates both HSTS and HPKP.

 https://github.com/arthuredelstein/tor-browser/commits/17965+1

 The same mechanism is used to store both HSTS and HPKP state, so I isolate
 both HSTS and HPKP in the first patch. Note that I left out isolation for
 SpeculativeConnect for now, because we have it disabled, and otherwise the
 patch would be substantially larger and more complicated.

 The second patch in this branch provides a regression test for HSTS
 isolation. I still need to write a regression test for HPKP isolation.

 Unfortunately, I discovered that mochitests fail to load https sites when
 our "security.nocertdb" pref is enabled. So to run this test, one needs to
 temporarily set that pref to false in `browser/app/profile/000-tor-
 browser.js`. I opened a #18087 to address this issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17965#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #18087 [Tor Browser]: security.nocertdb -> false breaks mochitest https pages
Next by Author: Re: [tor-bugs] #18071 [Tor Browser]: Add new obfs4 bridge riemann to Tor Browser
Previous by thread: Re: [tor-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain
Next by thread: Re: [tor-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain
Index(es):
- Author
- Thread