Feature #10575

Serve UUI with HTTPS through Gitweb

Added by sajolida 2015-11-18 00:18:24. Updated 2015-12-16 09:54:20.

Status: Resolved
Priority: Normal
Assignee:
Category: Installation
Target version:
Start date: 2015-11-18
Due date:
% Done: 100%
Feature Branch: web/10575-uui-gitweb
Type of work: End-user documentation
Blueprint:
Starter:
Affected tool: Installation Assistant
Deliverable for:
Description

Now that we have https://git-tails.immerda.ch/uui-binary we could serve UUI with HTTPS through Gitweb. This would protect our users from simple MitM.


Subtasks


History

#1 Updated by sajolida 2015-11-27 12:00:50

  • Assignee changed from sajolida to tchou
  • QA Check set to Ready for QA
  • Feature Branch set to web/10575-uui-gitweb

#2 Updated by tchou 2015-12-07 13:56:36

  • Assignee changed from tchou to sajolida
  • QA Check changed from Ready for QA to Info Needed

I’m not sure I understand this point about “simple MitM attacks”. Why would it be more difficult? More difficult than what (riseup?)

#3 Updated by sajolida 2015-12-08 07:35:52

  • Assignee changed from sajolida to tchou
  • QA Check changed from Info Needed to Ready for QA

Currently UUI is served from pendrivelinux.com on HTTP only (see Feature #8932). Serving it from git-tails.immerda.ch provides HTTPS (and thus authentication) to the download. Currently, doing a man-in-the-middle on pendrivelinux.com requires being anywhere on the route to pendrivelinux.com (or redirecting this route), without any need for authentication. Doing a man-in-the-middle on git-tails.immerda.ch would also require having a fake but valid SSL certificate for immerda.ch.

#4 Updated by tchou 2015-12-12 02:56:53

  • QA Check changed from Ready for QA to Pass

The commit was from riseup to immerda, that’s why I did not get the difference for security issues. I thought maybe I missed HTTPS-specific issues.

#5 Updated by tchou 2015-12-12 02:58:42

  • Assignee changed from tchou to sajolida

#6 Updated by sajolida 2015-12-16 09:53:24

Now I understand your confusion. And you’re right, there’s no difference in security between the HTTPS of riseup and immerda. But moving to Git will make it easier to maintain and provide permanent links.

I’m merging this then!

#7 Updated by sajolida 2015-12-16 09:53:48

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:5f4d84605a7d6e5b9c3da12ea706ab4f2b66ff07.

#8 Updated by sajolida 2015-12-16 09:54:20

  • Assignee deleted (sajolida)
  • QA Check deleted (Pass)