[tbb-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 22 11:35:13 UTC 2016


#17965: Isolate HPKP pinning to url bar domain
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  High                                 |         Status:
Component:  Tor Browser                          |  needs_revision
 Severity:  Normal                               |      Milestone:
 Keywords:  tbb-linkability,                     |        Version:
  TorBrowserTeam201601R                          |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 I did not look much on the patch yet but decided to try some test bundles
 with it. It breaks at least HTTPS-E and it seems in a way that sites like
 facebook.com are not working anymore. In the error console I get:
 {{{
 NS_ERROR_XPC_NOT_ENOUGH_ARGS: Not enough arguments
 [nsISiteSecurityService.isSecureURI] HTTPS.js:43:0
 }}}
 Without HTTPS-E it is loading but still there are issues visible:
 {{{
 Handler function NRL_getSecurityInfo threw an exception: [Exception...
 "Not enough arguments [nsISiteSecurityService.isSecureHost]"  nsresult:
 "0x80570001 (NS_ERROR_XPC_NOT_ENOUGH_ARGS)"  location: "JS frame ::
 resource://gre/modules/commonjs/toolkit/loader.js ->
 resource://gre/modules/devtools/toolkit/webconsole/network-helper.js ::
 NH_parseSecurityInfo :: line 621"  data: no]
 Stack:
 NH_parseSecurityInfo at resource://gre/modules/commonjs/toolkit/loader.js ->
 resource://gre/modules/devtools/toolkit/webconsole/network-
 helper.js:621:20
 NRL_getSecurityInfo at resource://gre/modules/commonjs/toolkit/loader.js ->
 resource://gre/modules/devtools/toolkit/webconsole/network-
 monitor.js:222:15
 makeInfallible/<@resource://gre/modules/commonjs/toolkit/loader.js ->
 resource://gre/modules/devtools/DevToolsUtils.js:82:13
 NRL_onStartRequest at resource://gre/modules/commonjs/toolkit/loader.js ->
 resource://gre/modules/devtools/toolkit/webconsole/network-
 monitor.js:207:4
 Line: 621, column: 0
 }}}
 We might want to think about a different approach than "just" adding an
 additional parameter to nsISiteSecureService methods.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17965#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list