[tor-bugs] #6940 [TorBirdy]: analyze thunderbird HTTP proxy behaviour
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Sep 24 02:06:08 UTC 2012
#6940: analyze thunderbird HTTP proxy behaviour
----------------------+-----------------------------------------------------
Reporter: tagnaq | Owner: sukhbir
Type: task | Status: assigned
Priority: normal | Milestone:
Component: TorBirdy | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by mikeperry):
Replying to [comment:18 ioerror]:
> I've opened a ticket about the HTTP proxy in javascript: #6958
I agree that Moxie needs mad props for bending XPCOM to his will with that
JS HTTP proxy thing. However, I think a direct SOCKS patch for GPG (#2846)
has less vulnerability surface and should be simpler code in total.
The reason I think that the direct SOCKS patch reduces the vulnerability
surface is nuanced. It probably doesn't matter unless we actually disable
jsctypes in our own builds of Thunderbird (#6152).
So for now, my recommendation is:
0. Disable GPG network activity by setting the proxy to garbage for now.
1. Try Moxie's code from #6958. If you can get it to work out of the box
within an hour, use it for now
2. If Moxie's code takes more than an hour to get it to work, you should
try to provide a patch for SOCKS support to GPG (#2846). It's possible
someone may have already written one already, somewhere...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6940#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list