[tor-bugs] #6314 [TorBirdy]: prevent leak via Date header field (local timestamp disclosure)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 18 07:03:23 UTC 2015
#6314: prevent leak via Date header field (local timestamp disclosure)
----------------------+------------------------------
Reporter: tagnaq | Owner: ioerror
Type: defect | Status: needs_review
Priority: High | Milestone:
Component: TorBirdy | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #9131 | Points:
Sponsor: |
----------------------+------------------------------
Comment (by arthuredelstein):
A couple of alternatives are possible:
1. Provide a modified Date header generator from torbirdy JS code to
provide a UTC-formatted date. Here's an example:
https://gist.github.com/arthuredelstein/5fdd1a1e7b3133807a59
2. Provide a header generator that provides an empty Date header. Here's
an example patch:
https://github.com/arthuredelstein/torbirdy/commit/6314_blank_date
Both (1) and (2) would potentially allow us to leave Thunderbird's default
timezone unchanged, so users can see times displayed in the UI in their
local timezone.
(2) Is leaks no clock offset information at all in the Date header. But it
may risk causing problems to some mail servers or clients. Of course,
clock offsets may leak via other channels.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6314#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list