[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #29705 [Applications/Tor Browser]: Enable Brotli compression for .onion domains

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #29705 [Applications/Tor Browser]: Enable Brotli compression for .onion domains
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 27 Sep 2019 02:09:33 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 Sep 2019 22:09:45 -0400
In-reply-to: <056.b38960bd8415ee15bc8c8aedd9e39fd8@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <056.b38960bd8415ee15bc8c8aedd9e39fd8@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29705: Enable Brotli compression for .onion domains
--------------------------------------+---------------------------
 Reporter:  expyuzz4wqqyqhjn          |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:  #21728                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27
--------------------------------------+---------------------------

Comment (by willbarr):

 Aside from treating onion as a secure context, I think this needs to be
 fixed separately.

 The reason google banned brotli from http seems 1) to promote https 2)
 poorly maintained http sites may broke.

 Refer: https://hacks.mozilla.org/2015/11/better-than-gzip-compression-
 with-brotli/

 I think the risks of enabling brotli over http and breaking onion sites is
 less important than it’s advantages when supported.

 There are two ways to enable brotli support, 1) just enable it on all http
 requests including non-onions 2) creating a “potentialy trustworthy”
 context, put onion sites there and enable brotli there.

 The first approach will be as simple as adding br here.
 https://gitweb.torproject.org/tor-
 browser.git/tree/modules/libpref/init/all.js#n1754

 This is presumed to break certain legacy sites. However I haven’t had any
 problems when I tested this on various sites.

 The second approach is rather hard, and it deviates a lot from upstream
 firefox code base. I’ve found an example implementation, which enables
 brotli on localhost by putting them into a “potentially trustworthy”
 context”.

 https://bugzilla.mozilla.org/show_bug.cgi?id=1222541

 https://bug1222541.bmoattachments.org/attachment.cgi?id=9040956


 I’d like to hear devs opinion on this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29705#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17626 [Circumvention/BridgeDB]: BridgeDB's email distributor doesn't work if the "get help" text is quoted
Next by Author: Re: [tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization
Previous by thread: [tor-bugs] #31878 [Circumvention/BridgeDB]: Look into making BridgeDB more resilient
Next by thread: Re: [tor-bugs] #29705 [Applications/Tor Browser]: Enable Brotli compression for .onion domains
Index(es):
- Author
- Thread