On Nov 2, 10:58 pm, Adam Barth <aba...@chromium.org> wrote:
> On Mon, Nov 2, 2009 at 12:03 PM, Aaron Boodman <a...@chromium.org> wrote:
> > On Thu, Oct 22, 2009 at 1:10 PM, Mike Perry <mikeperry.unu...@gmail.com> 
> > wrote:
> >> 7. SSL Session ID Clearing
>
> >> SSL Session IDs are GUIDs used to reduce round trips on the SSL
> >> handshake by providing an identifier to reference a recently
> >> established SSL session.
>
>
> This is not a bug in the current security model for incognito because
> incognito is about not leaving tracks on your local machine.  However,
> incognito has a bunch of behaviors around general privacy
> improvements.  I'd certainly welcome a patch that used distinct SSL
> session IDs for incognito mode.
>

Hi,

I'm working with Mike to define the Chrome APIs required to support
the Tor extension for Chromium.

This seemed like a good place to start in terms of understanding the
code so I made a first attempt at modifying the use of TLS Session IDs
in Incognito mode.

http://code.google.com/p/chromium/issues/detail?id=30877
and
http://codereview.chromium.org/502087/show

Since session caches are tied to the underlying NSS instance in Linux
and to individual credential handles in Windows, the practical
approach seems to me to be to avoid using the session cache altogether in
Incognito mode.

Thanks,
Robert
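
The linkage discussed in this thread, shown as an added toy model (not code from the post or from Chromium): with one process-wide session cache, a server is offered the same session ID in a normal and an Incognito visit, and bypassing the cache in Incognito removes that link. `Server`, `Client`, `visit_pair` and the host name are hypothetical, and no real TLS handshake is performed.

```python
import secrets

class Server:
    """Toy TLS server: issues session IDs and resumes the ones it knows."""
    def __init__(self):
        self.sessions = set()
        self.full_handshakes = 0

    def handshake(self, offered_id=None):
        if offered_id in self.sessions:
            return offered_id              # abbreviated handshake: same ID echoed
        self.full_handshakes += 1
        new_id = secrets.token_hex(16)     # constructed stand-in for a session ID
        self.sessions.add(new_id)
        return new_id

class Client:
    """Toy browser with a single session cache shared by all profiles."""
    def __init__(self, bypass_cache_in_incognito):
        self.cache = {}                    # host -> session ID
        self.bypass = bypass_cache_in_incognito

    def connect(self, host, server, incognito=False):
        use_cache = not (incognito and self.bypass)
        offered = self.cache.get(host) if use_cache else None
        sid = server.handshake(offered)
        if use_cache:                      # a bypassed connection stores nothing
            self.cache[host] = sid
        return sid

def visit_pair(bypass):
    """Normal visit, two Incognito visits, then a normal visit again."""
    server, client = Server(), Client(bypass)
    host = "example.test"                  # constructed host name
    normal = client.connect(host, server)
    private1 = client.connect(host, server, incognito=True)
    private2 = client.connect(host, server, incognito=True)
    later = client.connect(host, server)
    return {
        "incognito_linked_to_normal": normal in (private1, private2),
        "incognito_visits_linked": private1 == private2,
        "normal_still_resumes": later == normal,
        "full_handshakes": server.full_handshakes,
    }

if __name__ == "__main__":
    print("shared cache:", visit_pair(bypass=False))
    print("bypass in incognito:", visit_pair(bypass=True))
```

In this model the bypass costs a full handshake on every Incognito connection, which is the round-trip saving that session IDs exist to provide.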
