On Thu 2017-10-26 13:52:00 +0000, sajolida wrote:
> According to our thread modeling [1], the extension cannot protect from
> a man-in-the-middle attack on our website -- thread (B). As a MitM or
> exploit on our website could defeat any verification technique by
> providing simplified instructions or by faking ISO verification.
I think this conclusion from the threat modeling is overly nihilistic.
Posting simplified instructions to the website is (at least sometimes)
detectable, as is faked ISO verification, and key pinning (when coupled
with a thoughtful and responsible key management regime) is a robust
defense defense against CA compromise.
I'm more generally worried about chrome's deprecation of key pinning:
https://groups.google.com/a/chromium.org/forum/?_escaped_fragment_=topic/blink-dev/he9tr7p3rZ8#!topic/blink-dev/he9tr7p3rZ8
:( this looks like a move toward forcing everyone into the global
monitoring regime, which works fine for the enterprise case, but might
not be appropriate for everyone.
I'd prefer to see the extension use a public key pin that covers all
connections to the tail website, not just that one download.
giving up on several defenses because one of them has a failure mode is
classic security nihilism, and i hope tails can avoid that kind of (easy
to fall into) trap.
--dkg
