[tbb-bugs] #18762 [Applications/Tor Browser]: implement first-party isolation for OCSP generated by speculative connect

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 6 09:19:24 UTC 2016


#18762: implement first-party isolation for OCSP generated by speculative connect
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-linkability           |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by gk):

 I was looking a bit closer at a thing which was nagging me while doing the
 review for #16998. There is
 {{{
     // Check for proxy information. If there is a proxy configured then a
     // speculative connect should not be performed because the potential
     // reward is slim with tcp peers closely located to the browser.
 }}}
 and this piece of code in `nsIOService.cpp`:
 {{{
 NS_IMETHODIMP
 IOServiceProxyCallback::OnProxyAvailable(nsICancelable *request,
                                          nsIChannel *channel,
                                          nsIProxyInfo *pi, nsresult status)
 {
     // Checking proxy status for speculative connect
     nsAutoCString type;
     if (NS_SUCCEEDED(status) && pi &&
         NS_SUCCEEDED(pi->GetType(type)) &&
         !type.EqualsLiteral("direct")) {
         // proxies dont do speculative connect
         return NS_OK;
     }
 }}}
 And it seems to me we hit this code path with Tor Browser. Retesting
 #16324 by looking at `tcpdump` output confirms my suspicion as well: there
 is no network activity visible even if Torbutton claims isolation is
 happening.

 So, it seems to me that at least this ticket and #16324 can be closed. I
 am not sure yet what this means for #16998. I guess we should not have
 been worried by it because there is no speculative connect happening
 anyway?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18762#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
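
The comment above confirms the code path by checking `tcpdump` output for network activity. As an added example (not part of the original message or of Tor Browser's code), this Python function scans tcpdump text for TCP SYNs inside a test window and labels each as going to the local SOCKS port or directly out. The line format, the SOCKS port 9150 and the sample capture are assumptions constructed for illustration.

```python
import re

# Assumed tcpdump -n -tt text line:
#   "<epoch> IP <src>.<port> > <dst>.<port>: Flags [S], ..."
# Any columns between the timestamp and "IP" are skipped.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s.*?\bIP6? (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def new_connections(lines, start, end, socks_port=9150):
    """Return (ts, dst, dport, route) for each TCP SYN seen in [start, end].

    route is "proxy" for a SYN to the local SOCKS port, "direct" otherwise.
    An empty list means no connection was opened during the window.
    """
    found = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # non-TCP or unparseable line
        ts = float(m["ts"])
        # "S" alone is a connection attempt; "S." is the SYN-ACK reply.
        if m["flags"] != "S" or not (start <= ts <= end):
            continue
        dport = int(m["dport"])
        local = m["dst"] in ("127.0.0.1", "::1")
        route = "proxy" if local and dport == socks_port else "direct"
        found.append((ts, m["dst"], dport, route))
    return found

# Constructed sample capture (not real traffic): one SOCKS connection opened
# before the test window, data on it during the window, one direct SYN.
SAMPLE = """\
1467796760.100000 IP 127.0.0.1.51200 > 127.0.0.1.9150: Flags [S], seq 1, win 43690, length 0
1467796760.100050 IP 127.0.0.1.9150 > 127.0.0.1.51200: Flags [S.], seq 2, ack 2, win 43690, length 0
1467796760.100080 IP 127.0.0.1.51200 > 127.0.0.1.9150: Flags [.], ack 1, win 342, length 0
1467796770.300000 IP 127.0.0.1.51200 > 127.0.0.1.9150: Flags [P.], seq 1:50, ack 1, win 342, length 49
1467796771.000000 IP 192.0.2.10.40000 > 203.0.113.5.443: Flags [S], seq 9, win 29200, length 0
""".splitlines()

if __name__ == "__main__":
    for hit in new_connections(SAMPLE, 1467796765.0, 1467796775.0):
        print(hit)
```

An empty result for the window in which the speculative connect would be triggered corresponds to the "no network activity" observation; a "direct" entry would indicate traffic that did not go through the proxy.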

