[tor-bugs] #3455 [Firefox Patch Issues]: Tor Browser should set SOCKS username for a request based on referer

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Jul 5 10:31:40 UTC 2012 

#3455: Tor Browser should set SOCKS username for a request based on referer
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry                    
     Type:  enhancement           |         Status:  new                          
 Priority:  major                 |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch Issues  |        Version:                               
 Keywords:  tbb-linkability       |         Parent:  #5752                        
   Points:                        |   Actualpoints:                               
----------------------------------+-----------------------------------------
Description changed by mikeperry:

Old description:

> Once Proposal 171 is implemented (#1865), Tor Browser should set the
> Proposal 171 SOCKS username to a function of the hostname in the referer
> header (possibly caching the first referer for subsequent link
> navigation). If the referer is blank, we should use the request URL
> hostname. This policy should effectively give us the same top-level
> origin isolation for circuit use that we want for other identifiers.

New description:

 Once Proposal 171 is implemented (#1865), Tor Browser should set the
 Proposal 171 SOCKS username to a function of the hostname in the referer
 header (possibly caching the first referer for subsequent link
 navigation).

 If the referer is blank, we should use a function of the request URL
 hostname. This policy should effectively give us the same top-level origin
 isolation for circuit use that we want for other identifiers.

 Lunar also points out that if this function introduces a hashed nonce that
 is changed on "New Identity" invocations, we can then do without the
 control port and control auth/password inside torbutton but still provide
 New Identity. This would simplify a lot of setups, and potentially allow
 us to remove more code from Torbutton.

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3455#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list