Re: [Tails-dev] Firefox extension for downloading Tails

Delete this message

Reply to this message
Autor: Giorgio Maone
Data:  
Para: Griffin Boyce, The Tails public development discussion list, sajolida
Assunto: Re: [Tails-dev] Firefox extension for downloading Tails
On 09/07/2014 00:46, Griffin Boyce wrote:
> OpenPGP.js doesn't require the user to have GPG installed on their
> system.

And keeps things cross-platform.
>
> Ideally, in this case, the pubkey would be already packaged within the
> extension, with only signed updates being able to overwrite it.

Yes, that was the idea.

> However, I think to some extent this still relies on a user making an
> effort to verify the key's validity via its web of trust.

It would be nice, but if the user cannot trust the extension he
installed he pretty much lost anyway, so this setup would generally
mitigate the risk of a MITM while grabbing the hash.

However I agree, this is for a future version and shouldn't prevent us
from shipping basic download+verification.
-- G

>
> best,
> Griffin
>
> On July 8, 2014 6:19:07 PM EDT, sajolida@??? wrote:
>
>     Giorgio Maone wrote:

>
>         Hi everybody. The blueprint should be enough for me to start
>         hacking a prototype together. If nobody has suggestions, I'd
>         propose to call the extension with the catchy (!) name of
>         "Tails Catcher". I'd just add that a future version might
>         embed tails developer's key and perform OpenPGP authentication
>         itself. 

>
>
>     I didn't put that idea on the blueprint so far, for the following reasons:

>
>       - OpenPGP for verifying our ISO image is only stronger than SHA256 if
>     the WoT is used to build strong trust in the signing key. Otherwise, you
>     might as well get an HTTPS MitM while receiving the key, as much as
>     while receiving the hash.
>       - Our past experience with Firegpg [1] taught us that doing GPG inside
>     of a browser is usually a
>     bad idea. The same might not apply to an ISO
>     verification but I would check this very carefully before going this way.
>       - I don't know how portable it would be to do such GPG operations from
>     inside the browser. Would the user need to have GPG installed on their
>     Windows or Mac OS X? Would we ship a GPG ourselves? All those options
>     sounds scary to me :)

>
>     Those are the reasons why I'm not convinced by that idea. We might also
>     want to further discuss the role of the OpenPGP verification in the
>     broad installation process with UX people. But anyway, that discussion
>     shouldn't block in any way the first implementation...

>
>     [1]:
>     https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/index.en.html

>
>
> --
> Sent from my tracking device. Please excuse brevity and cat photos.



--
--
Giorgio Maone
http://maone.net