[tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 13 15:16:23 UTC 2018
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-team
     Type:  task                                 |         Status:  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-linkability,                     |  Actual Points:
  tbb-usability-website, tbb-performance,        |
  ff60-esr, TorBrowserTeam201808                 |
Parent ID:  #25735                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:
     tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
     TorBrowserTeam201808R
     =>
     tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
     TorBrowserTeam201808
 * status:  needs_review => needs_revision

Comment:
Nice, thanks for the investigation. Some first thoughts while reading
through your notes:
1) Is the disk avoidance requirement respected in case there is some
caching going on?
2) Does New Identity give us a clean slate with HTTP/2 enabled?
3) I don't see why we want to have server push enabled. Let's try with
that disabled first.
4) I am fine leaving possible PING/SETTINGS-related timing side-channels
for a different bug for now. If so, please open a new one.
5) I am not overly happy about the different values of some of the prefs
you mentioned above depending on being on a desktop/mobile platform. We
should investigate the impact of shipping the same configuration for both
of them. After all, `tbb-fingerprinting-os` bugs are still bugs. I guess
this can be done in a new bug as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14952#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online