Author: sajolida
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails ISO verification extension for Firefox
Giorgio Maone:
>>> - Modify the downloaded ISO after verification
>> How can it be done, since it's already downloaded? An operating system malicious
>> code?
> In fact, it seems outside the scope of this project: if the local
> system is already compromised, the adversary has already won and there's
> no point in fighting anymore.
I'm not considering here a malicious local operating system in general
(as we can't protect against this). But I was wondering to which extent
other entities in the browser have access to downloaded files and how
much write access is protected on the already downloaded files by other
extensions for example. Our extension will do read-only access on the
download to calculate a checksum, but could another extension modify
this file after it's been downloaded?
> Using a standalone executable, instead, would actually leave us with the
> egg and chicken problem: who verifies the verifier?
Right, that's the point. We're proposing here to use the browser as a
tool that users already have installed, that can do some crypto and that
we should be able to trust in that process anyway. That's why we're not
introducing another standalone executable.
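
The question raised above, whether a file can change after its checksum was computed, as an added example (not code from the Tails extension or from this thread). It uses Node.js rather than the browser extension API, and every function name is hypothetical; it shows that a checksum only vouches for the bytes read at that moment, and that a later change can leave size and mtime identical, so only hashing again before use detects it.

```javascript
// Added example: Node.js standard library only; all names are hypothetical.
const crypto = require("crypto");
const fs = require("fs");
const os = require("os");
const path = require("path");

// Hash the file in chunks through a read-only descriptor, as a verifier would.
function sha256File(file) {
  const fd = fs.openSync(file, "r");
  try {
    const hash = crypto.createHash("sha256");
    const buf = Buffer.alloc(1 << 16);
    let n;
    while ((n = fs.readSync(fd, buf, 0, buf.length, null)) > 0) hash.update(buf.subarray(0, n));
    return hash.digest("hex");
  } finally {
    fs.closeSync(fd);
  }
}
// The result is bound to the bytes read now; metadata is kept for comparison.
function verifyDownload(file, expectedHex) {
  const digest = sha256File(file);
  const st = fs.statSync(file);
  return { ok: digest === expectedHex.toLowerCase(), digest, size: st.size, mtimeMs: st.mtimeMs };
}
// Cheap check: size and mtime only.
function metadataUnchanged(file, rec) {
  const st = fs.statSync(file);
  return st.size === rec.size && st.mtimeMs === rec.mtimeMs;
}
// Strong check: hash the content again immediately before the file is used.
function contentUnchanged(file, rec) {
  return sha256File(file) === rec.digest;
}
// Constructed demo: a small temp file stands in for the downloaded ISO.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "iso-verify-"));
  const file = path.join(dir, "sample.iso");
  const original = Buffer.from("constructed sample image contents\n");
  const stamp = new Date(1700000000000); // constructed, whole-second timestamp
  fs.writeFileSync(file, original);
  fs.utimesSync(file, stamp, stamp);
  const expected = crypto.createHash("sha256").update(original).digest("hex");
  const rec = verifyDownload(file, expected);
  // Simulated later write by another party: same length, same mtime, one byte differs.
  const changed = Buffer.from(original);
  changed[0] ^= 1;
  fs.writeFileSync(file, changed);
  fs.utimesSync(file, stamp, stamp);
  const result = { verified: rec.ok, metadataSame: metadataUnchanged(file, rec), contentSame: contentUnchanged(file, rec) };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```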