Wait for Torbirdy patches design documentation
wait for the design documentation for Torbirdy patches (
Feature #6150) (asked on 2013-01-29 in
Related to Tails -
#12 Updated by intrigeri 2015-10-27 14:37:13
- Assignee deleted (
- QA Check changed from Info Needed to Dev Needed
> may you please modify the link in the description so that i can access it?
This is the
<8538xk1i8q.fsfboum.org>@ email Message-Id. Apparently the importation to Redmine entity-encoded bits of it. My preferred web search engine points me to https://email@example.com/msg02504.html. Good enough for your needs?
#15 Updated by intrigeri 2015-12-15 05:09:13
https://mailman.boum.org/pipermail/tails-icedove/2015-November/000069.html might be relevant here.
#16 Updated by Anonymous 2015-12-17 09:52:08
There is no real design documentation.
Simply requirements and notes from tagnaq’s paper.
Problems identified in Thunderbird which Torbirdy seeks to address
- Thunderbird discloses machine specific clock information (section 3.5.3 and 3.5.4)
- Thunderbird may discloses the underlying OS (section 3.5.6)
- Thunderbird requests a website in cleartext at startup, disclosing its version, OS, language and buildid (section 3.6.1)
- Thunderbird stores and submits an identifying HTTP cookie with a lifetime of five years to Mozilla (section
- Thunderbird discloses the email address in cleartext to the exit node and the network (section 3.6.5)
- Thunderbird retrieves mail server configurations from a remote server over an insecure channel (section 3.6.5)
- Thunderbird leaks DNS requests and TCP connections (section 3.6.5)
- Enigmail leaks DNS requests (section 3.6.6)
- Enigmail may disclose all keyIDs in the keyring to the exit node and the network (section 3.6.6)
- Thunderbird may disclose local paths to the IMAP server (section 4.1.4)
- Thunderbird insecurely handles certain mail header and opens the browser without the user’s consent (section 4.1.4)
- an attacker might be able to determine Thunderbird’s approximate version (section 4.1.6)
How Torbirdy seeks to address these problems
- remove possibility to load website at startup including “whatsnew” page (3.6.1)
- replace autoconfiguration with manual configuration (3.6.5)
- boundary string without prefix in any case (3.5.6)
- stripe Mozilla specific header from incoming mails (4.1.4)
- intercept any call to open an external application (4.2.1)
- implement per account proxy settings including a global proxy for non-mail traffic (4.2.2)
- implement time-offset fingerprint prevention (4.2.3) > partly accepted, partly pending upstream patch
All options are enabled by default.
- “make ’connection security’ mandatory”
- “use common fingerprint” (4.2.4)
- “HSTS state reset on shutdown”
- “ignore MDN requests silently”
- “disable HTML parsing”
- “do not display attachments inline”
- “make URLs in emails not clickable”
- “display warning when setting up an IMAP account”
- “display warning if multiple accounts share the same proxy”
- “display warning when adding attachment”
The Torbirdy developers ask that “somebody” checks the code against these requirements.
#18 Updated by Anonymous 2015-12-18 07:44:06
- Status changed from Confirmed to Resolved
I think this ticket can be closed now. The 2 patches there were to be merged upstream have been and I doubt that anybody will write any more design documentation. As said by Sukhbir on tails-icedove@, they did not take any notes about it and would need a code review at some point.