
commit e0ba697476b6a8f8a67e72737a0e0fe23211c654 Author: Mike Perry <mikeperry-git@fscked.org> Date: Tue Oct 4 23:23:18 2011 -0700 Describe our efforts against flash cookies. --- docs/design/design.xml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/design/design.xml b/docs/design/design.xml index 244c9ab..2145751 100644 --- a/docs/design/design.xml +++ b/docs/design/design.xml @@ -912,6 +912,25 @@ origin, we entirely disable DOM storage as a stopgap to ensure unlinkability. </para> </listitem> + <listitem>Flash cookies + <para><command>Design Goal:</command> + +Users should be able to click-to-play flash objects from trusted sites. To +make this behavior unlinkable, we wish to include a settings file for all platforms that disables flash +cookies using the <ulink +url="http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html">Flash +settings manager</ulink>. + + </para> + <para><command>Implementation Status:</command> + +We are currently <ulink +url="https://trac.torproject.org/projects/tor/ticket/3974">having +difficulties</ulink> causing Flash player to use this settings +file on Windows. + + </para> + </listitem> <listitem>TLS session resumption and HTTP Keep-Alive <para> TLS session resumption and HTTP Keep-Alive MUST NOT allow third party origins @@ -932,7 +951,6 @@ disable</ulink> TLS session resumption, and limit HTTP Keep-alive duration. </para> </listitem> - <listitem>User confirmation for cross-origin redirects <para><command>Design Goal:</command>
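
Review bot: In the first hunk (@@ -912,6 +912,25 @@), the Implementation Status paragraph reports only the difficulty on Windows, while the Design Goal aims for a settings file "for all platforms". Please state whether the settings file is honored on the other platforms, and what happens to Flash cookies on Windows in the meantime when a user click-to-plays a Flash object; as written, a reader cannot tell whether the unlinkability goal is met anywhere yet. A style point in the same item: "flash objects" and "flash cookies" are lowercase while "Flash player" and "Flash settings manager" are capitalized, so pick one form.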
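
Review bot: The second hunk (@@ -932,7 +951,6 @@) deletes the blank line before "<listitem>User confirmation for cross-origin redirects", which is unrelated to the Flash cookies text the commit message describes. Drop it from this patch or send the whitespace cleanup separately, so the change contains only the documentation addition.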