#14952: Audit HTTP/2 and SPDY if needed -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- | team Type: task | Status: | needs_revision Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-linkability, tbb-usability- | Actual Points: website, tbb-performance, ff60-esr, | TorBrowserTeam201808 | Parent ID: #25735 | Points: Reviewer: | Sponsor: -------------------------------------------------+------------------------- Changes (by gk):
* keywords: tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr, TorBrowserTeam201808R => tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr, TorBrowserTeam201808 * status: needs_review => needs_revision Comment: Nice, thanks for the investigation. Some first thoughts while reading through your notes: 1) Is the disk avoidance requirement respected in case there is some caching going on? 2) Does New Identity give us a clean slate with HTTP/2 enabled? 3) I don't see why we want to have server push enabled. Let's try with that disabled first. 4) I am fine leaving possible PING/SETTINGS-related timing side-channels for a different bug for now. If so, please open a new one. 5) I am not overly happy about the different values of some of the prefs you mentioned above depending on being on a desktop/mobile platform we should investigate the impact of shipping the same configuration for both of them. After all, `tbb-fingerprinting-os` bugs are still bugs. I guess this can be done in a new bug as well. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14952#comment:44> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs