Tor Browser Spec is not accurate regarding Session IDs
Or at the least it's confusing. The doc says we clear Session IDs on New Identity, but then says we disable them.
Patch:
From 5f5ff04e17ffc45eb0c2889ce6a71c7b2a312da7 Mon Sep 17 00:00:00 2001
From: Tom <tom@ritter.vg>
Date: Mon, 24 Oct 2016 11:36:29 -0500
Subject: [PATCH] Clarify language about Session IDs (always disabled.)
---
design-doc/design.xml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/design-doc/design.xml b/design-doc/design.xml
index 4ea0bff..36fa33a 100644
--- a/design-doc/design.xml
+++ b/design-doc/design.xml
@@ -1258,8 +1258,7 @@ bar origin.
</para>
<para><command>Implementation Status:</command>
-We currently clear SSL Session IDs upon <link linkend="new-identity">New
-Identity</link>, we disable TLS Session Tickets via the Firefox Pref
+We disable TLS Session Tickets via the Firefox Pref
<command>security.enable_tls_session_tickets</command>. We disable SSL Session
IDs via a <ulink
url="https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-31.6.0esr-4.5-1&id=a01fb747d4b8b24687de538cb6a1304fe27d9d88">patch
--
2.10.1