[tor-bugs] #2160 [EFF-HTTPS Everywhere]: Document rule review process
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Nov 6 04:34:46 UTC 2010
#2160: Document rule review process
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: schoen
Type: enhancement | Status: new
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
----------------------------------+-----------------------------------------
We need to publicly document our rule review process in the rule
development howto. The document should be written to be read by rule
authors as well as rule set administrators/reviewers. It should describe
both common pitfalls in rule authorship, as well as potential vectors for
malicious rules, and examples of each.
To motivate this, it should also briefly define an adversary model. As far
as I am aware, the two classes of adversaries we face are network
adversaries that exploit poorly written existing rules, and rule author
adversaries that try to subtly smuggle malicious rewrite rules into
rulesets for purposes of MITM/phishing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2160>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list