[tor-bugs] #4100 [Tor Browser]: Isolate TLS Session IDs and HTTP Keep-Alive to top-level domain
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Sep 27 00:02:48 UTC 2011
#4100: Isolate TLS Session IDs and HTTP Keep-Alive to top-level domain
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.3.x-stable
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
We need to prevent 3rd party domains from being able to correlate activity
using either TLS Session IDs or HTTP Keep-Alive.
In #4099, we plan to simply disable TLS session resumption and HTTP keep-
alive. Long term, we should try to find a way to preserve these features
by preventing them from applying to third parties from different top-level
domains.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4100>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list