Re: [Tails-dev] Security implications: moving code from Ver…

Author: u
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Security implications: moving code from Verification Extension to our website

Hi!

On 16.04.19 14:29, intrigeri wrote:
> jvoisin:
>>> General security implications
>>> -----------------------------
>>>
>>> The question we are asking ourselves is: are there any predictable
>>> downsides to moving the verification code from an extension to the website?
>
>> I don't see any significant downsides.
>
> I could not find any either, as long as the threat called [H] in the
> design doc of the current system can be mitigated, either in the same
> way as what we currently do (see Cross-origin communication and
> Content Security Policy paragraphs) or in other ways.


Noted. I think that we would need to and we'll be able to tighten the
Cross-origin policy compared to what the extension currently does.

> One rather minor implementation note, that's relevant in this context
> only because any software is only as secure as the _version run by
> actual users_: this migration increases the need to ensure web
> browsers use the correct version of the relevant web resources (such
> as JavaScript files), to replace the extension version check we
> currently have, which is done for every download. At the moment JS can
> be cached for 24h. We have a ticket about this already; I think it
> needs to be part of the migration plan.


I don't think this increases this need: it's still the same as it is
now, as the Installation Assistant already uses JavaScript files hosted
on the server.

Is the ticket you are talking about this one:
https://redmine.tails.boum.org/code/issues/16091? (It's about CSS, not
JS, but I suspect the exact same issue applies.)

Cheers!
u.