[or-cvs] [torbutton/master] Finish Torbutton assumption review.

mikeperry at seul.org mikeperry at seul.org
Fri Dec 4 06:44:13 UTC 2009


Author: Mike Perry <mikeperry-git at fscked.org>
Date: Wed, 30 Sep 2009 21:51:24 -0700
Subject: Finish Torbutton assumption review.
Commit: b05500921ccc400c927399d49382b2a5a7344bbb

---
 website/design/FF35_AUDIT |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/website/design/FF35_AUDIT b/website/design/FF35_AUDIT
index 3db462c..1f644ab 100644
--- a/website/design/FF35_AUDIT
+++ b/website/design/FF35_AUDIT
@@ -90,6 +90,11 @@ First pass: Quick Review of Firefox Features
       and per-origin storage instances
     - Each docshell has tons of storages for each origin contained in it
     - Toggling dom.storage.enabled does not clear existing storage
+    - Oh HOT! cookie-changed to clear cookies clears all storages!
+  - Conclusion:
+    - can safely enable dom storage
+      - May have minor buggy usability issues unless we preserve it
+        when user is preserving cookies..
 
 Second Pass: Verification of all Torbutton Assumptions
 - "Better privacy controls"
@@ -165,13 +170,16 @@ Second Pass: Verification of all Torbutton Assumptions
   - Read iSec report
   - Compare to Chrome
     - API use cases
-- SSL Toggle to clear session id
-- Unto tabs Toggle
-- SafeBrowsing Update Key removed on cookie clear still?
-- Places
 - SessionStore
   - Has been reworked with observers and write methods. Should use those.
-- check if nsICertStore is still buggy...
+- security.enable_ssl2 to clear session id
+  - Still cleared
+- browser.sessionstore.max_tabs_undo
+  - Yep.
+- SafeBrowsing Update Key removed on cookie clear still?
+  - Yep.
+- Livemark updates have kill events now
+- Test if nsICertStore is still buggy...
 
 Third Pass: Exploit Auditing
 - Remote fonts
-- 
1.5.6.5




More information about the tor-commits mailing list