Re: [Tails-dev] Security implications: moving code from Ver…

This message is part of the following thread:
M-\the complete thread tree sorted by date
M.Msajolida at <-
M\Msajolida at ->
Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Security implications: moving code from Verification Extension to our website
u:
> On 22.03.19 02:24, Daniel Kahn Gillmor wrote:
>> Is the concern that it's too expensive to maintain both the extension
>> and the javascript going forward?
>
> Ideally we'd only maintain one of those, but I think your idea is good:
> if we could increase verification by having an internal mechanism, this
> would be an improvement. However, the question remains: what happens if
> an attacker controls the website?

If an attacker controls the website we're screwed anyway.

See attack [C] of our threat model:

https://tails.boum.org/contribute/design/verification_extension/#index3h2

--
sajolida
This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Security implications: moving code from Verification Extension to our websiteRe: [Tails-dev] Security implications: moving code from Verification Extension to our website->
lists.autistici.org administrated by postmasterLurker (version 2.3)