Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by mikeperry):

My initial thoughts here are:

0. This is a totally awesome idea. I think it becomes even more awesome if
it either shipped with or contained an XMPP server that gets automatically
configured as a hidden service (#6660).

1. In fact, if we can easily do XMPP over fully P2P hidden services (where
each user gets their own hidden service), the timing issues with OTR
become secondary, as OTR would be largely redundant in that case.

2. We need to audit this for XUL XSS issues, especially since it is
displaying remote-provided content (chat messages) in XUL windows. Has
anyone done this audit yet? I assume the AMO reviewers have, but who knows
how competent they are for this stuff. There are several people around the
net that may be even more qualified reviewers than I am, in fact. There
have been a few BlackHat/DEFCON/other presentations on this topic.

3. It seems to use jsctypes. Is this dependency strictly necessary, or can
we do without it?

4. I'm pretty sure Pidgin is a security nightmare on Windows, and their
devs seem to take a rather lax attitude to such problems. It likely has
way worse vulnerabilities than timing attacks in the crypto... But
CryptoCat could be worse in terms of exploit, because XUL XSS exploits are
way easier to use (and cross-platform!) if they exist...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs