Opened 3 years ago

Last modified 16 months ago

#21237 new defect

Support domain isolation for onion connections too?

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-client isolation needs-design
Cc: gk, fdsfgs@…, mahrud Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Right now there's a timing channel leak between isolation domains, where one isolation domain can get some hints about whether I've been to a certain onion domain lately, because if I have (and I have a cached onion descriptor, and/or an open rendezvous circuit) then it will load faster.

If we tagged intro and rendezvous circuits with their socks isolation domains, and we tagged cached onion descriptors with their socks isolation domains, then we could remove this timing channel -- but at the cost of a bunch more work and delays for connections that are already high-work and high-delay.

I'm not sure if it's worth it on the Tor side, especially since this is just a timing channel. But I bet somewhere out there are Tor Browser users who are expecting the tab isolation to work, and I fear that it doesn't (fully) when it comes to onion services.

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by gk

Cc: gk added

comment:2 Changed 3 years ago by arma

Cc: gk removed

#15499 appears to be the corresponding Tor Browser ticket.

comment:3 Changed 3 years ago by arma

Cc: gk added

comment:4 Changed 3 years ago by tokotoko

Cc: fdsfgs@… added

comment:5 Changed 2 years ago by nickm

Keywords: tor-client isolation needs-design added

comment:6 Changed 16 months ago by arma

Cc: mahrud added
Note: See TracTickets for help on using tickets.