[tbb-bugs] #21559 [Applications/Tor Browser]: Tor browser deanonymization/fingerprinting via cached intermediate CAs
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 6 09:36:40 UTC 2017
#21559: Tor browser deanonymization/fingerprinting via cached intermediate CAs
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting, tbb-linkability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:4 gk]:
> FWIW: the Mozilla bug is
https://bugzilla.mozilla.org/show_bug.cgi?id=1334485. We currently
mitigate the problem by having the intermediate cache being memory-only
and cleared during `New Identity`.
Actually, we still have the
{{{
* XXX: intermediate SSL certificates are not cleared.
}}}
in Torbutton and it might we worth testing whether that one can go (as I
assumed) or I misspoke. See #2739 for the `NEWNYM` part.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21559#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list