Author: u Date: To: Daniel Kahn Gillmor, The Tails public development discussion list Subject: Re: [Tails-dev] Security implications: moving code from
Verification Extension to our website
Hi!
On 22.03.19 02:24, Daniel Kahn Gillmor wrote:
> Is the concern that it's too expensive to maintain both the extension
> and the javascript going forward?
Ideally we'd only maintain one of those, but I think your idea is good:
if we could increase verification by having an internal mechanism, this
would be an improvement. However, the question remains: what happens if
an attacker controls the website?
> If the expense of maintaining the extension is too much, i wonder
> whether image verification is the ultimate concern at all. For example,
> should we be considering other approaches like external, spot-checked
> download verification with monitoring and reporting, as some measure of
> resilience against non-targeted attack? (maybe this is already in place
> and i just don't know about it)
I'm not quite sure what you mean but we regularly and automatically
check that all the mirrors serve correct images ({IMG, ISO} + SIG are
checked), independently of the individual verification that users should
do when downloading an image. But there might be a delay with us
reacting to this if a mirror is compromised.
