subject:"\[tor\-bugs\] #26431 \[Core Tor\/Stem\]\: Document a threat model for stem.client"

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

2018-09-28 Thread Tor Bug Tracker & Wiki

#26431: Document a threat model for stem.client
+--
 Reporter:  dmr |  Owner:  dmr
 Type:  task| Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Stem   |Version:
 Severity:  Normal  | Resolution:  user disappeared
 Keywords:  client website  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by atagar):

 * status:  assigned => closed
 * resolution:   => user disappeared


Comment:

 Resolving our SoP tickets. If you return and would care to push this
 forward feel free to reopen.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

2018-08-05 Thread Tor Bug Tracker & Wiki

#26431: Document a threat model for stem.client
+--
 Reporter:  dmr |  Owner:  dmr
 Type:  task| Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Stem   |Version:
 Severity:  Normal  | Resolution:
 Keywords:  client website  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by teor):

 > Replying to [comment:2 teor]:
 > > When we have a draft guide for embedding Tor in other browsers (like
 Firefox, Brave, or Cliqz), it might contain some useful information about
 threat models for alternative implementations.
 >
 > teor, do you know where this info will live? It would be great to link
 to (at least, eventually).

 I don't know, because the Tor Browser team hasn't created the document
 yet.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

2018-08-04 Thread Tor Bug Tracker & Wiki

#26431: Document a threat model for stem.client
+--
 Reporter:  dmr |  Owner:  dmr
 Type:  task| Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Stem   |Version:
 Severity:  Normal  | Resolution:
 Keywords:  client website  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by dmr):

 * owner:  atagar => dmr
 * status:  needs_information => assigned


Comment:

 Replying to [comment:3 atagar]:
 > Hi Dave, do we still need this ticket?

 I think the original questions prompted by the ticket have been [comment:2
 answered by teor].
 However, I'd like to keep the ticket open - I think it should be
 documented to make sure this is readily apparent to stem.client consumers.

 I view this as something to be done at the time that a user-facing API is
 described.

 Assigning to self - I can take of this.

 Replying to [comment:2 teor]:
 > When we have a draft guide for embedding Tor in other browsers (like
 Firefox, Brave, or Cliqz), it might contain some useful information about
 threat models for alternative implementations.

 teor, do you know where this info will live? I would be great to link to
 (at least, eventually).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

2018-08-03 Thread Tor Bug Tracker & Wiki

#26431: Document a threat model for stem.client
+---
 Reporter:  dmr |  Owner:  atagar
 Type:  task| Status:  needs_information
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Stem   |Version:
 Severity:  Normal  | Resolution:
 Keywords:  client website  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+---
Changes (by atagar):

 * status:  new => needs_information


Comment:

 Hi Dave, do we still need this ticket?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

2018-06-25 Thread Tor Bug Tracker & Wiki

#26431: Document a threat model for stem.client
+
 Reporter:  dmr |  Owner:  atagar
 Type:  task| Status:  new
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Stem   |Version:
 Severity:  Normal  | Resolution:
 Keywords:  client website  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+

Comment (by teor):

 Our security expectations of alternative tor implementations are pretty
 simple:
 * We do not expect alternative Tor implementations to be able to emulate C
 Tor's behaviour, so they are their own anonymity sets (there are several
 research papers on protocol emulation for anonymity: it doesn't work)
 * For this reason, and many others, alternative Tor implementations should
 not claim to support anonymity or privacy that is as good as Tor's:
 https://www.torproject.org/docs/trademark-faq.html.en

 So I'm not sure that writing a spec like this would be useful. A few
 sentences of threat model should be sufficient:

 stem.client does not make you anonymous. Use Tor Browser if you want
 to be anonymous. (Link to Tor Browser download page.)

 When we have a draft guide for embedding Tor in other browsers (like
 Firefox, Brave, or Cliqz), it might contain some useful information about
 threat models for alternative implementations.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

2018-06-25 Thread Tor Bug Tracker & Wiki

#26431: Document a threat model for stem.client
+
 Reporter:  dmr |  Owner:  atagar
 Type:  task| Status:  new
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Stem   |Version:
 Severity:  Normal  | Resolution:
 Keywords:  client website  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+

Comment (by atagar):

 Thanks dmr. I'm not against a Stem threat model per say, but my main
 interest in Stem is to be a python implementation of the Tor
 specification. If we have security expectations for alternate Tor
 implementations then maybe that should live with the specs?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

2018-06-20 Thread Tor Bug Tracker & Wiki

#26431: Document a threat model for stem.client
---+
 Reporter:  dmr|  Owner:  atagar
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal |   Keywords:  client website
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+
 It would be beneficial to document the threat model that `stem.client` is
 trying to meet (and thereby, probably some of the use cases envisioned for
 `stem.client`).

 From a network-fingerprint sense, it is unlikely that `stem.client` could
 ever match the fingerprint that little-t `tor` does, since `stem.client`
 is a pure-Python implementation. Some side-channel behavior in particular
 is likely to be extremely difficult to align, and different Python
 implementations would make this even harder.

 But how close should `stem.client` come, how closely should it track to
 `tor` development, and what should it take into account?

 Some of this discussion //may// ripple into updating the
 [[https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt|tor-spec]]
 with some `SHOULD` statements.

 In general, it's important to document the threat model so that consumers
 of `stem.client` can know what to expect, and whether they should use
 `tor` in a controlled fashion instead.

 This threat model should become a living document that is maintained.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

[tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client

7 matches

Site Navigation

Mail list logo

Footer information