#18762: implement first-party isolation for OCSP generated by speculative connect
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-linkability           |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by gk):

 I was looking a bit closer at a thing which was nagging me while doing the
 review for #16998. There is
 {{{
 // Check for proxy information. If there is a proxy configured then a
 // speculative connect should not be performed because the potential
 // reward is slim with tcp peers closely located to the browser.
 }}}
 and this piece of code in `nsIOService.cpp`:
 {{{
 NS_IMETHODIMP
 IOServiceProxyCallback::OnProxyAvailable(nsICancelable *request, nsIChannel *channel,
                                          nsIProxyInfo *pi, nsresult status)
 {
     // Checking proxy status for speculative connect
     nsAutoCString type;
     if (NS_SUCCEEDED(status) && pi &&
         NS_SUCCEEDED(pi->GetType(type)) &&
         !type.EqualsLiteral("direct")) {
         // proxies dont do speculative connect
         return NS_OK;
     }
 }}}
 And it seems to me we hit this code path with Tor Browser. Retesting
 #16324 by looking at `tcpdump` output confirms my suspicion as well: there
 is no network activity visible even if Torbutton claims isolation is
 happening.

 So, it seems to me that at least this ticket and #16324 can be closed. I
 am not sure yet what this means for #16998. I guess we should not have
 been worried by it because there is no speculative connect happening
 anyway?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18762#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online