[tor-dev] #3600 tech doc
Tom Ritter
tom at ritter.vg
Thu Nov 15 22:25:08 UTC 2018
I spent some time reading through the Mix and Match proposal. I'm not
sure I understand it.
In particular, I am confused about:
The proposal seems to focus heavily on what we do with state we
receive as part of the redirect. Do we promote it, do we leave it
double keyed. It doesn't seem to explain how we choose what state to
_send_. For example:
> For instance, in a redirect chain from foo.com -> tracker.com -> bar.com,
> the tracker.com cookies will be double keyed foo.com|tracker.com, while
> the bar.com cookies will be double keyed foo.com|bar.com. However, after
> the user begins to interact with bar.com, bar.com is promoted to be the
> First Party Domain, and Cookies set on the initial redirect need to be
> moved under the bar.com key.
When we send a request to foo.com, I assume we will send any current
cookies we have keyed under foo.com|foo.com[0]. When we receive a
redirect to tracker.com - how do we choose what state to send? We
don't know head of time whether it will give us a redirect or not, so
are we sending it any state we have under tracker.com|tracker.com
(treating it as a first party) or are we sending it any state we have
under foo.com|tracker.com?
The latter is better for privacy; but it would require you to
re-sign-in via Oauth a lot (pretend tracker.com is oauth.com); and I'm
nervous it would break login flows. Especially if you interact with
oauth.com and that seems to promote it into oauth.com|oauth.com and
then you later go through foo.com|oauth.com and there's no state
there...
[0] I'm pretty sure that we use the First Party Domain as both the
primary and secondary key for state under the first party; right? In
any event, when I say foo.com|foo.com I mean data keyed under the
foo.com first party.
I'm also a bit confused about the difference between different targets
of redirects. It seems like:
- If the target is example.com: we don't double-key or need to promote
upon interaction
- If the target is example.com?lang=en: we do double-key any state
set, and upon user interaction promote the state to first party.
- If the target is example.com/foo/bar.html: we do double-key any
state set, and upon user interaction promote the state to first party.
Finally, in a multi-redirect scenario like a.com -> b.com -> c.com,
I'm unsure if there is a difference in how we handle state we receive
for b.com if:
- The target is b.com
- The target is b.com?lang=en
- The target is b.com/foo/bar.html
I started drawing out a matrix of what happens when. I came up with
the following. I don't think I understand the proposal well enough to
fill it out. I'm hoping I will be able to do so though! I'm going to
paste it in its entirety:
----------
Single-Redirect, Before User Interaction
Click a link for aaa.com/foo/blah.html and the response redirects to
ccc.com (before any user interaction):
- To aaa.com you send state keyed under aaa.com|aaa.com
- To ccc.com you send state keyed under ccc.com|ccc.com
- The browser deposits you at ccc.com
- Any cookies or other state set by aaa.com is set normally according
to FPI rules, so will be keyed under aaa.com|aaa.com
- Any cookies or other state set by ccc.com is set normally according
to FPI rules, so will be keyed under ccc.com|ccc.com
Click a link for aaa.com/foo/blah.html and the response redirects to
ccc.com?lang=en (before any user interaction):
- To aaa.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is keyed under ??
- Any cookies or other state set by ccc.com is keyed under ??
Click a link for aaa.com/foo/blah.html and the response redirects to
ccc.com/new-foo/blah.html (before any user interaction):
- To aaa.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is keyed under ??
- Any cookies or other state set by ccc.com is keyed under ??
----------
Single-Redirect, After User Interaction
Perhaps you scroll the page at ccc.com or perhaps click a link or
highlight some text.
Click a link for aaa.com/foo/blah.html and the response redirects to
ccc.com, and then you interact:
- To aaa.com you send state keyed under aaa.com|aaa.com
- To ccc.com you send state keyed under ccc.com|ccc.com
- The browser deposits you at ccc.com
- There is no change to state for aaa.com, as it is already stored
under aaa.com|aaa.com
- There is no change to state for ccc.com, as it is already stored
under ccc.com|ccc.com
Click a link for aaa.com/foo/blah.html and the response redirects to
ccc.com?lang=en, and then you interact:
- To aaa.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is migrated(?) and now
keyed under ??
- Any cookies or other state set by ccc.com is migrated(?) and now
keyed under ??
Click a link for aaa.com/foo/blah.html and the response redirects to
ccc.com/new-foo/blah.html, and then you interact:
- To aaa.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is migrated(?) and now
keyed under ??
- Any cookies or other state set by ccc.com is migrated(?) and now
keyed under ??
----------
Multi-Redirect, Before User Interaction
Click a link for aaa.com/foo/blah.html and the response redirects to
bbb.com and the bbb.com response then redirects to ccc.com (before any
user interaction):
- To aaa.com you send state keyed under ???
- To bbb.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ccc.com
- Any cookies or other state set by aaa.com is ???
- Any cookies or other state set by bbb.com is ???
- Any cookies or other state set by ccc.com is ???
Click a link for aaa.com/foo/blah.html and the response redirects to
bbb.com and then bbb.com response then redirects you to
ccc.com?lang=en (before any user interaction):
- To aaa.com you send state keyed under ???
- To bbb.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is ???
- Any cookies or other state set by bbb.com is ???
- Any cookies or other state set by ccc.com is ???
Click a link for aaa.com/foo/blah.html and the response redirects to
bbb.com and then the bbb.com response redirects you to
ccc.com/new-foo/blah.html (before any user interaction):
- To aaa.com you send state keyed under ???
- To bbb.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is ???
- Any cookies or other state set by bbb.com is ???
- Any cookies or other state set by ccc.com is ???
*** Is there any behavior change between a the middle redirect that
goes to bbb.com vs bbb.com/?querystring or bbb.com/foo/bar.html ***
----------
Multi-Redirect, After User Interaction
Perhaps you scroll the page at ccc.com or perhaps click a link or
highlight some text.
Click a link for aaa.com/foo/blah.html and the response redirects to
bbb.com and the bbb.com response then redirects to ccc.com, and then
you interact:
- To aaa.com you send state keyed under ???
- To bbb.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ccc.com
- Any cookies or other state set by aaa.com is ???
- Any cookies or other state set by bbb.com is ???
- Any cookies or other state set by ccc.com is ???
Click a link for aaa.com/foo/blah.html and the response redirects to
bbb.com and then bbb.com response then redirects you to
ccc.com?lang=en, and then you interact:
- To aaa.com you send state keyed under ???
- To bbb.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is ???
- Any cookies or other state set by bbb.com is ???
- Any cookies or other state set by ccc.com is ???
Click a link for aaa.com/foo/blah.html and the response redirects to
bbb.com and then the bbb.com response redirects you to
ccc.com/new-foo/blah.html, and then you interact:
- To aaa.com you send state keyed under ???
- To bbb.com you send state keyed under ???
- To ccc.com you send state keyed under ???
- The browser deposits you at ??
- Any cookies or other state set by aaa.com is ???
- Any cookies or other state set by bbb.com is ???
- Any cookies or other state set by ccc.com is ???
*** Is there any behavior change between a the middle redirect that
goes to bbb.com vs bbb.com/?querystring or bbb.com/foo/bar.html ***
More information about the tor-dev
mailing list