[tbb-bugs] #4100 [Tor Browser]: Isolate SPDY and HTTP Keep-Alive to top-level domain

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 28 21:19:46 UTC 2015


#4100: Isolate SPDY and HTTP Keep-Alive to top-level domain
--------------------------+------------------------------------------------
     Reporter:            |      Owner:  tbb-team
  mikeperry               |     Status:  new
         Type:            |  Milestone:  TorBrowserBundle 2.3.x-stable
  enhancement             |    Version:
     Priority:  major     |   Keywords:  tbb-linkability, tbb-firefox-patch
    Component:  Tor       |  Parent ID:
  Browser                 |
   Resolution:            |
Actual Points:            |
       Points:            |
--------------------------+------------------------------------------------
Changes (by gk):

 * cc: gk (added)


Comment:

 Don't we get the isolation we need for free with our current
 implementation of "Use different circuits for different URL bar domains"?

 I made a quick test with loading google.com and
 https://people.torproject.org/~gk/misc/keep-alive.html (which loads a
 resource requested as well if one loads google.com) making sure I did that
 within our current keep-alive limit and all requests are properly isolated
 meaning they use different circuits. How should the keep-alive you get
 while loading google.com interfere with the one you get if loading keep-
 alive.html provided they use different exit nodes?

 Recalling the discussion on IRC with s7r I think that would even mitigate
 the problem of onion sites loading foo.com clearnet resources while having
 foo.com open in a different tab.

 What am I missing?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4100#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list