Re: [Tails-dev] Regarding certificate pinning in verificatio…

Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Regarding certificate pinning in verification extension
hi,

sajolida:
>> giving up on several defenses because one of them has a failure mode is
>> classic security nihilism, and i hope tails can avoid that kind of (easy
>> to fall into) trap.


> Note that I raised this question because, right now, we don't know how
> to implement the equivalent of this custom pinning mechanism in Web
> Extensions for new version. So we're not really "giving up" on something
> because right now we don't have any pinning in the Web Extension version.


Well, we're giving up on something we have right now in production.
Granted, not on something we have in the WIP new add-on.

> My question is more about understanding better the real benefits of
> doing the (potentially complicated) additional work of writing a new
> custom pinning mechanism for the new extension given that we won't have
> the same native API anymore.


> For the other crypto operation of the extension (SHA-256) we're now
> embedding a JavaScript crypto library since we don't have access to the
> native Firefox API anymore. I'd be quite afraid of what it would look
> like to do something similar to do certificate pinning...


I think for both issues, we should:

1. in the short term: give up / go with quick workarounds; our
timeline is tight and we don't have much choice.

2. let Mozilla know about our needs: I've seen extension developers
successfully engaging with Mozilla while porting their add-on to
Web Extensions, and new APIs being designed and implemented as
a result. This seems the right thing to do both from an engineering
perspective, and to meet our relationship with upstream claims.

Note, however, that even in the best case this doesn't give us the
same new APIs for free in Chrome.

Cheers,
--
intrigeri