Hi,
As part of working on the CT Gossip draft [0] I find myself thinking about local trust anchors and how they might change browser behaviours.
My understanding is that Tor Browser behaves like Firefox wrt locally added CA certs. If that's correct, do you know if FF treats pinning the way the "What Is HPKP For?" post [1] describes it?
Another question that I find interesting is if TB could do better regarding fingerprintability based on what TLS session the browser accepts.
[0] https://datatracker.ietf.org/doc/draft-ietf-trans-gossip/
[1] https://noncombatant.org/2015/11/24/what-is-hpkp-for/
On 27 January 2016 at 03:30, Linus Nordberg linus@torproject.org wrote:
> Hi,
> As part of working on the CT Gossip draft [0] I find myself thinking about local trust anchors and how they might change browser behaviours.
> My understanding is that Tor Browser behaves like Firefox wrt locally added CA certs. If that's correct, do you know if FF treats pinning the way the "What Is HPKP For?" post [1] describes it?
AFAIK no changes have been made to the TLS stack or local trust roots except disabling session resumption, and enabling TLS 1.2 by default (which I think FF has finally caught up with TBB). So yes, if one added a local root to TBB it would override pinning. However, neither add-ons nor locally added roots seem to survive "New Identity". I think it's unlikely many TBB users have locally installed roots, considering they'd have to re-add them all the time.
In the past I have advocated for both curating the Trust Store more aggressively, and experimenting with TLS stack changes, but the problems there are the political concerns that come with running your own Trust Store and maintaining the stack changes.
> Another question that I find interesting is if TB could do better regarding fingerprintability based on what TLS session the browser accepts.
I'm not sure what you mean here, could you elaborate?
-tom
Tom Ritter tom@ritter.vg wrote Wed, 27 Jan 2016 10:10:56 -0600:
| > Another question that I find interesting is if TB could do better
| > regarding fingerprintability based on what TLS session the browser
| > accepts.
|
| I'm not sure what you mean here, could you elaborate?
A web server in possession of multiple valid cert chains could serve a connecting client one after the other in order to find out what's in the client's trust store and what's not. An unusual trust store is a potentially strong fingerprint.
Are there other attacks for using the trust store as a fingerprint? Are there ways for TB to protect against any of these?
On 28 January 2016 at 02:51, Linus Nordberg linus@torproject.org wrote:
> Tom Ritter tom@ritter.vg wrote Wed, 27 Jan 2016 10:10:56 -0600:
> | > Another question that I find interesting is if TB could do better
> | > regarding fingerprintability based on what TLS session the browser
> | > accepts.
> |
> | I'm not sure what you mean here, could you elaborate?
> A web server in possession of multiple valid cert chains could serve a connecting client one after the other in order to find out what's in the client's trust store and what's not. An unusual trust store is a potentially strong fingerprint.
It is.... but because TBB rewrites the trust store on every identity, isn't it unlikely that the client actually _has_ a nonstandard trust store? It's not like screen size or font fingerprinting where Firefox gets its cue from the OS and it's persistent...
-tom