[tbb-dev] Double keyed cookies agenda entry

tordevmuc at encambio.com tordevmuc at encambio.com
Fri Jan 2 16:11:51 UTC 2015

Hello list,

Prelimary tests indicate that the double keyed cookie logic from
#3246 [1] performs as intended, but there are open questions like:

  How close have we covered all requirements (session,
    persistent, RFC 6265, real world use, maybe CVEs?)

  Should we consider modifying 1st/3rd party contexts of
    DOM stuff to accommodate broader use cases (federated login?)

  Which assumptions should we make of ESR network.cookie.* combos
    ...or should we implement and test for all config combinations?

  What would Mozilla require for a backport to ESR?

  How should this be 'packaged' with other 3rd party isolation?

...so I'm hoping to clear this up at the next TBB meeting Monday
19:00 UTC.


If anyone has changed their network.cookie.cookiebehavior to 'allow
all cookies', please state which website caused the frustration.

[1] https://trac.torproject.org/projects/tor/ticket/3246/


Michael Schloh von Bennewitz
Software Development Engineer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3527 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20150102/2ddaaca9/attachment.bin>

More information about the tbb-dev mailing list