mitigate TLS session resumption tracking #1852

Open
diracdeltas opened this issue Oct 25, 2018 · 8 comments
Labels
feature/tor/leakproofing Eliminating unexpected ways that someone using Tor might be unmasked. needs-investigation A bug not 100% confirmed/fixed priority/P3 The next thing for us to work on. It'll ride the trains. privacy/feature User-facing privacy- & security-focused feature work. privacy/tracking Preventing sites from tracking users across the web privacy

Comments

@diracdeltas
Member

since https://arxiv.org/abs/1810.07304 came out, many people are concerned about the possibility of advertisers tracking people using TLS session resumption data. Brave should consider invalidating TLS session resumption tickets periodically to mitigate this.

@diracdeltas diracdeltas added priority/P3 The next thing for us to work on. It'll ride the trains. privacy/feature User-facing privacy- & security-focused feature work. privacy/tracking Preventing sites from tracking users across the web labels Oct 25, 2018
@bbondy bbondy added this to the 1.x Backlog milestone Oct 28, 2018
@jumde
Contributor

jumde commented Nov 1, 2018

  • Also, restrict the session resumption support for third-parties

@diracdeltas diracdeltas added the feature/tor/leakproofing Eliminating unexpected ways that someone using Tor might be unmasked. label Jan 8, 2019
@diracdeltas
Member Author

discussed in meeting;

WRT Tor, if this is not provided by site isolation then we should probably disable TLS ticket caching entirely

@diracdeltas diracdeltas self-assigned this Jan 8, 2019
@fmarier
Member

fmarier commented Jan 9, 2019

Here are the notes I took after reading the suggested mitigations in that paper:

  • ignore new expiry dates to defeat prolongation attacks
  • set upper limit for session resumption at 10 min
  • disable or double-key session resumption for 3rd-party resources
  • disable TLS 1.3 1-RTT session resumption (and therefore 0-RTT)

@diracdeltas
Member Author

thanks @fmarier

my current thinking is this would be ideal:

  • disable all session resumption mechanisms (including session tickets, session IDs, TLS 1.3 PSKs) in Tor mode
  • disable all session resumption mechanisms for 3rd party resources in non-Tor mode
  • make sure session resumption state is cleared whenever cookies are cleared

@diracdeltas
Member Author

diracdeltas commented Jan 9, 2019

actually according to https://bugs.chromium.org/p/chromium/issues/detail?id=30877, Chromium OTR sessions (aka incognito windows) should have session resumption disabled already. if that's the case, Tor mode is protected already

@tildelowengrimm
Contributor

Is Tor actually an OTR session though — do guest windows have the same treatment?

@rebron rebron modified the milestone: 1.x Backlog Feb 7, 2019
@riastradh-brave riastradh-brave added the needs-investigation A bug not 100% confirmed/fixed label Jul 25, 2019
@riastradh-brave
Contributor

riastradh-brave commented Jul 25, 2019

The question about guest sessions will become moot after #2307.

It is unclear to me whether TLS session resumption is actually disabled altogether in off-the-record profiles, or whether it is merely partitioned between normal and off-the-record profiles; this part needs investigation.

That said, upstream is preparing to isolate TLS session caches by network isolation key, which will be the first party, rendering this entirely moot: http://crbug.com/974910

@bsclifton
Member

@diracdeltas @darkdh would this be fixed now that Tor uses OTR profile?
brave/brave-core#7069
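
Several of the mitigations proposed in the comments above (a 10-minute upper limit, ignoring new expiry dates, double-keying by first party, clearing resumption state together with cookies), combined in one client-side cache as an added example that is not part of the original thread and is not Brave or Chromium code. `PartitionedSessionCache`, its method names and the seconds-based clock are hypothetical; it models only the cache policy, not the TLS handshake.

```cpp
#include <algorithm>
#include <chrono>
#include <map>
#include <string>
#include <utility>

// Hypothetical model of a browser's client-side TLS session cache.
// Illustrative only; not Chromium or Brave code.
using Seconds = std::chrono::seconds;
const Seconds kMaxLifetime(600);  // the 10 min upper limit from the notes

class PartitionedSessionCache {
  using Key = std::pair<std::string, std::string>;  // (first party, TLS host)
  struct Entry {
    std::string ticket;
    Seconds expiry;
  };
  std::map<Key, Entry> entries_;

 public:
  // Remember a ticket from `host`, fetched while `top_site` was the first party.
  void Store(const std::string& top_site, const std::string& host,
             const std::string& ticket, Seconds server_lifetime, Seconds now) {
    Key key(top_site, host);
    // The server's advertised lifetime is honoured only up to the cap.
    Seconds expiry = now + std::min(server_lifetime, kMaxLifetime);
    auto it = entries_.find(key);
    // Prolongation defence: a replacement ticket never extends a live deadline.
    if (it != entries_.end() && it->second.expiry > now)
      expiry = std::min(expiry, it->second.expiry);
    entries_[key] = Entry{ticket, expiry};
  }

  // Returns the ticket to offer, or "" meaning "do a full handshake".
  std::string Lookup(const std::string& top_site, const std::string& host,
                     Seconds now) {
    auto it = entries_.find(Key(top_site, host));
    if (it == entries_.end()) return "";
    if (now >= it->second.expiry) {  // expired: drop it and start fresh
      entries_.erase(it);
      return "";
    }
    return it->second.ticket;
  }

  // Call from the same code path that clears cookies.
  void Clear() { entries_.clear(); }
};
```

Because the key includes the first party, a third-party host embedded on two different sites never sees the same ticket on both, and a server that keeps issuing fresh tickets on resumed connections cannot link a client for longer than `kMaxLifetime`.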

8 participants