[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5752 [Tor Browser]: Isolate browser streams by url bar domain rather than by time interval



#5752: Isolate browser streams by url bar domain rather than by time interval
-------------------------+-------------------------------------------------
     Reporter:  arma     |      Owner:  danieleweber7624
         Type:  project  |     Status:  accepted
     Priority:  normal   |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  SponsorZ, tor-client, tbb-firefox-
   Resolution:           |  patch, TorBrowserTeam201410
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 Replying to [comment:20 arma]:
 > Replying to [comment:7 mikeperry]:
 > > isis just noted in #tor-dev that Tor retries failed DNS queries on
 other circuits. It appears that we do this for failed stream attempts too.
 I agree that's a bad property because it allows a web adversary to cause
 your browser to keep making new circuits until you pick one that uses its
 middle node.
 > >
 > > We should ensure we disable this "retry on new circuit" behavior for
 content elements of a given URL bar, so that at least content elements
 don't get to cause you to create tons of circuits. Once a circuit can load
 a top-level url correctly, it should be considered reliable enough not to
 abandon if a DNS or other stream times out. This might actually require a
 new Tor child ticket and patch, though...
 > >
 > > It's not clear what (if anything) we should change about the initial
 URL bar load behavior, though. Perhaps it is safe to remain unchanged,
 because Tor would at least rate limit that properly before failing the
 page load.
 >
 > Was there a resolution for this part of the issue?

 Not that I am aware of. I've opened a new ticket: #13669

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5752#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs