[tbb-dev] Double keyed cookies agenda entry
tordevmuc at encambio.com
Fri Jan 2 16:11:51 UTC 2015
Hello list,
Preliminary tests indicate that the double keyed cookie logic from
#3246 [1] performs as intended, but there are open questions like:
  - How closely have we covered all requirements (session,
    persistent, RFC 6265, real world use, maybe CVEs?)
  - Should we consider modifying 1st/3rd party contexts of
    DOM stuff to accommodate broader use cases (federated login?)
  - Which assumptions should we make of ESR network.cookie.* combos
    ...or should we implement and test for all config combinations?
  - What would Mozilla require for a backport to ESR?
  - How should this be 'packaged' with other 3rd party isolation?
...so I'm hoping to clear this up at the next TBB meeting Monday
19:00 UTC.
QUESTION
If anyone has changed their network.cookie.cookieBehavior to 'allow
all cookies', please state which website caused the frustration.
[1] https://trac.torproject.org/projects/tor/ticket/3246/
Cheers,
Michael
--
Michael Schloh von Bennewitz
Software Development Engineer