Re: [Tails-dev] Security implications: moving code from Ver…

Delete this message

Reply to this message
Autore: sajolida
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] Security implications: moving code from Verification Extension to our website
u:
> On 22.03.19 02:24, Daniel Kahn Gillmor wrote:
>> Is the concern that it's too expensive to maintain both the extension
>> and the javascript going forward?
>
> Ideally we'd only maintain one of those, but I think your idea is good:
> if we could increase verification by having an internal mechanism, this
> would be an improvement. However, the question remains: what happens if
> an attacker controls the website?


If an attacker controls the website we're screwed anyway.

See attack [C] of our threat model:

https://tails.boum.org/contribute/design/verification_extension/#index3h2

--
sajolida