[tor-bugs] #21237 [Core Tor/Tor]: Support domain isolation for onion connections too?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 17 09:15:51 UTC 2017


#21237: Support domain isolation for onion connections too?
------------------------------+------------------------------
     Reporter:  arma          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: unspecified
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------
 Right now there's a timing channel leak between isolation domains, where
 one isolation domain can get some hints about whether I've been to a
 certain onion domain lately, because if I have (and I have a cached onion
 descriptor, and/or an open rendezvous circuit) then it will load faster.

 If we tagged intro and rendezvous circuits with their socks isolation
 domains, and we tagged cached onion descriptors with their socks isolation
 domains, then we could remove this timing channel -- but at the cost of a
 bunch more work and delays for connections that are already high-work and
 high-delay.

 I'm not sure if it's worth it on the Tor side, especially since this is
 just a timing channel. But I bet somewhere out there are Tor Browser users
 who are expecting the tab isolation to work, and I fear that it doesn't
 (fully) when it comes to onion services.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21237>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
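
A toy model of the descriptor-cache behaviour the ticket describes, as an added example that is not part of the original ticket and is not Tor's code. It compares a cache shared across isolation domains with one keyed by (isolation domain, onion address); the struct and function names, the onion names, and the cost units are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16
#define COST_HIT 0   /* constructed cost units, not measurements */
#define COST_MISS 3  /* constructed: extra work for a descriptor fetch */

typedef struct {
    char onion[64];
    int isolation_tag;  /* hypothetical id of the SOCKS isolation domain */
} desc_entry;

typedef struct {
    desc_entry entries[MAX_ENTRIES];
    int count;
    int tagged;         /* 0: shared cache, 1: keyed by (tag, onion) */
} desc_cache;

/* Cost of resolving `onion` for a stream in isolation domain `tag`;
 * the descriptor is cached under that tag on a miss. */
int cache_fetch(desc_cache *c, const char *onion, int tag) {
    for (int i = 0; i < c->count; i++) {
        if (strcmp(c->entries[i].onion, onion) != 0) continue;
        if (!c->tagged || c->entries[i].isolation_tag == tag)
            return COST_HIT;
    }
    if (c->count < MAX_ENTRIES) {
        desc_entry *e = &c->entries[c->count++];
        snprintf(e->onion, sizeof e->onion, "%s", onion);
        e->isolation_tag = tag;
    }
    return COST_MISS;
}

/* Domain 1 visits an onion. Return what domain 2 pays for a never-visited
 * address minus what it pays for the visited one. Nonzero means domain 2
 * can distinguish the two, i.e. the cache state crosses the boundary. */
int cross_domain_signal(int tagged) {
    desc_cache c = { .count = 0, .tagged = tagged };
    cache_fetch(&c, "visited.onion", 1);            /* constructed names */
    int seen = cache_fetch(&c, "visited.onion", 2);
    int fresh = cache_fetch(&c, "unvisited.onion", 2);
    return fresh - seen;
}

int main(void) {
    printf("shared cache signal: %d\n", cross_domain_signal(0));
    printf("tagged cache signal: %d\n", cross_domain_signal(1));
    return 0;
}
```

In the tagged case the signal is zero only because domain 2 pays the full miss cost again for an address domain 1 already fetched, which is the extra work and delay the ticket weighs against the fix.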

