On Nov 2, 5:58 pm, Adam Barth <aba...@chromium.org> wrote: > On Mon, Nov 2, 2009 at 12:03 PM, Aaron Boodman <a...@chromium.org> wrote: > > On Thu, Oct 22, 2009 at 1:10 PM, Mike Perry <mikeperry.unu...@gmail.com> > > wrote: > >> 7. SSL Session ID Clearing > >> > >> Exposing an API to completely reset the SSL state in a specific tab > >> processes or profile instance would be workable, however I could also > >> see this code just being added to the code that already rebuilds > >> Incognito's SSL cert caches in > >> OffTheRecordProfileImpl::GetSSLHostState(). > > > It seems like maybe this is just a bug in Chrome? If so, perhaps a > > good place to start would be to fix it. > > This is not a bug in the current security model for incognito because > incognito is about not leaving tracks on your local machine. However, > incognito has a bunch of behaviors around general privacy > improvements. I'd certainly welcome a patch that used distinct SSL > session IDs for incognito mode.
Yeah, my brother pointed out your threat model to me many times. : ) The way I defined the model for Torbutton was to essentially say that in addition to not leaving tracks on the local machine, we did not want any correlation between the two modes to be possible. https://www.torproject.org/torbutton/design/#requirements I think this is actually closer to what users might intuitively expect, but I won't push the point, because without the user using Tor, going to an open wifi point, or changing their home router's MAC address there still is the IP address identifier. So your willingness to accept a patch is good enough for me at this point. : ) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to chromium-extensions@googlegroups.com To unsubscribe from this group, send email to chromium-extensions+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en -~----------~----~----~----~------~----~------~--~---
