Feature #10859

Remove dependencies to maone.net from DAVE

Added by sajolida 2016-01-05 17:54:09 . Updated 2017-12-04 10:39:35 .

Status: Rejected
Priority: Elevated
Assignee:
Category: Installation
Target version:
Start date: 2016-01-05
Due date:
% Done: 0%
Feature Branch:
Type of work: Code
Blueprint:
Starter:
Affected tool: ISO Verification Extension
Deliverable for:

Description

In its current beta version, DAVE relies on maone.net for CSS and SSL verification. This shouldn’t be the case anymore once it’s stable.


Subtasks


History

#1 Updated by intrigeri 2016-01-05 18:46:16

While we’re at it, it would be good to remove the (outdated) fingerprint for boum.org’s certificate from the config file. It’s a bit misleading to anyone without deeper knowledge of the config file format, such as me… until I understood that this data was not used due to cert: null. Let’s make life easier for auditors :)

#2 Updated by sajolida 2016-01-26 18:25:48

  • Target version changed from Tails_2.0 to Tails_2.2

Postponing: let’s debug things a bit more before doing this.

#3 Updated by sajolida 2016-01-26 20:35:26

A solution could be to host testing IDFs and “ISO images” on tails.boum.org directly.

#4 Updated by intrigeri 2016-01-27 10:48:45

> A solution could be to host testing IDFs and “ISO images” on tails.boum.org directly.

If there’s any need to include dev-only config in the extension, or dev-only data on our website, then it rings a bell that says “something is wrong somewhere in the design”. Developers will always need to test new stuff, and for that they will need to point the extension to an arbitrary IDF, loaded from an arbitrary website. So we need to accommodate this need, because it won’t suddenly disappear with DAVE 1.0.

My understanding is that so far, this need has been addressed by hardcoding dev-only configuration into the config file shipped inside the extension. This might have been OK during early development, but it can’t fly now that we deploy this in production. The typical solution to this problem would be to have the configuration that developers need to tweak locally (I guess you need the IDF URL and the SSL verification settings) loaded from prefs, so developers can tell DAVE to trust whatever website + SSL trust anchor they want, without impacting production. Can we have this (or whatever addresses the need, without impacting production)?

Cheers!

#5 Updated by ma1 2016-01-27 11:09:33

intrigeri wrote:
> The typical solution to this problem would be to have the configuration that developers need to tweak locally (I guess you need the IDF URL and the SSL verification settings) loaded from prefs, so developers can tell DAVE to trust whatever website + SSL trust anchor they want, without impacting production. Can we have this (or whatever addresses the need, without impacting production)?

We could support an about:config preference to specify the path to an alternate conf.json file, where we can put any cert pinning / IDF / trusted page information we want for development purposes.
It should not even have a default value (thus it would not exist / be shown in about:config until created by a dev), because we would default to the conf.json packaged with the extension.

#6 Updated by intrigeri 2016-01-27 11:58:24

> We could support an about:config preference to specify the path to an alternate conf.json file, where we can put any cert pinning / IDF / trusted page information we want for development purposes.

Sounds perfect to me!

#7 Updated by sajolida 2016-01-29 18:18:14

#8 Updated by sajolida 2016-03-15 15:03:55

  • Target version deleted (Tails_2.2)

#9 Updated by sajolida 2016-04-01 10:38:18

  • blocks #8538 added

#10 Updated by sajolida 2016-04-01 11:15:44

  • blocks Bug #11300: Have stable version of DAVE out of development channel added

#11 Updated by BitingBird 2016-06-29 07:27:09

Is this still the case, or was it solved and not closed?

#12 Updated by intrigeri 2016-06-30 07:59:13

> Is this still the case, or was it solved and not closed?

I’ve not noticed any progress.

#14 Updated by intrigeri 2016-07-19 09:57:22

  • Assignee changed from ma1 to sajolida
  • Target version set to Tails_2.5

sajolida, I assume you’ll review this. Please reassign to me once it’s done, if you don’t mind: IIRC I was the one who complained about this initially, so I’d like to have a quick look before we call it done :)

#15 Updated by intrigeri 2016-08-02 09:31:57

  • Target version changed from Tails_2.5 to Tails_2.6

#16 Updated by sajolida 2016-09-13 05:04:14

  • Target version deleted (Tails_2.6)

#17 Updated by sajolida 2016-11-06 19:16:48

  • Assignee changed from sajolida to intrigeri
  • maone.net is gone.
  • Let’s Encrypt has been added.
  • *.boum.org is still here.
  • What do we need labs.riseup.net for?

Happy if intrigeri has a look, otherwise I’ll send this to Giorgio for the next release (with no hurry).

#18 Updated by intrigeri 2016-11-09 09:48:17

  • Status changed from Confirmed to In Progress
  • Target version set to Tails_2.7
  • % Done changed from 100 to 50

#19 Updated by intrigeri 2016-11-09 09:57:29

  • Assignee changed from intrigeri to ma1
  • % Done changed from 50 to 60
  • QA Check changed from Ready for QA to Info Needed

intrigeri wrote:
> While we’re at it, it would be good to remove the (outdated) fingerprint for boum.org’s certificate from the config file. It’s a bit misleading to anyone without deeper knowledge of the config file format, such as me… until I understood that this data was not used due to cert: null. Let’s make life easier for auditors :)

I’ve looked at this and it looks good, as far as removing dependencies to maone.net is concerned.

My only remaining question is: is there a reason why conf.json still has

      "*.boum.org": {
        "subjectName":"CN=*.boum.org,OU=Gandi Standard Wildcard SSL,OU=Domain Control Validated",
        "issuerOrganization":"Gandi",
        "sha256Fingerprint":"FB:89:1F:85:61:8D:6F:62:EA:A6:6E:92:4D:3A:FC:80:17:03:D6:FB:D5:F4:B0:31:E7:D7:5A:7F:55:06:74:2D",
        "serialNumber":"00:84:A7:E7:40:C4:D4:54:54:64:E4:35:22:38:F0:29:53"
      },

?

It’s unused (and quite possibly has obsolete hashes), right?

#20 Updated by intrigeri 2016-11-09 17:37:00

  • Target version changed from Tails_2.7 to Tails_2.9.1
  • QA Check changed from Info Needed to Dev Needed

> * *.boum.org is still here.

Right, commented about it earlier today.

> * What do we need labs.riseup.net for?

It is useful for testing until https://tails.boum.org/ switches to Let’s Encrypt (mid-December). I think we’re in the exact same situation as I was arguing about in Feature #10859#note-4, i.e. dev-time stuff landing into the production configuration. So let’s please remove that entry.

(Yes, I understand that in theory, such entries are harmless, as we’re doing a hostname → cert/issuer mapping, and as long as we’re not pointing DAVE to a URL hosted on labs.riseup.net, this entry is completely a no-op; but still, it does make security auditing needlessly harder.)

> Happy if intrigeri has a look, otherwise I’ll send this to Giorgio for the next release (with no hurry).

Yes, we made our major deadline (thanks Giorgio) and this doesn’t need to be addressed in a hurry. Giorgio, can you handle it by mid-December?

(Worst case, we will use it as a way to test our shiny new credentials that supposedly allow us to release DAVE ourselves :)
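
The auditing concern raised in this comment (pin entries that no configured URL can ever reach), shown as an added example that is not part of the ticket or of DAVE's code: a small Node.js check that lists such dead entries. The `urls`/`pins` layout, the `.example` hostnames and the single-label wildcard rule are assumptions; DAVE's actual conf.json schema is not shown on this page.

```javascript
// Added example, not DAVE code. The schema ("urls" list + "pins" map keyed by
// host pattern) is an assumed layout; only the per-host field names mirror the
// snippet quoted in this ticket.

// Constructed sample config: two reachable pins, two leftovers, one unpinned URL.
const sampleConf = {
  urls: [
    "https://tails.example/install/v1/descriptor.json",
    "https://dl.mirror.example/tails.iso",
    "https://cdn.other.example/style.css",
  ],
  pins: {
    "tails.example": { issuerOrganization: "Example CA" },
    "*.mirror.example": { issuerOrganization: "Example CA" },
    "*.boum.org": { issuerOrganization: "Gandi" },
    "labs.riseup.net": { issuerOrganization: "Let's Encrypt" },
  },
};

// Assumption: a leading "*." matches exactly one DNS label, as in TLS
// certificate wildcards. "*.boum.org" matches "tails.boum.org" but neither
// "boum.org" nor "a.b.boum.org".
function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (!p.startsWith("*.")) return p === h;
  const suffix = p.slice(1); // ".boum.org"
  if (!h.endsWith(suffix)) return false;
  const label = h.slice(0, h.length - suffix.length);
  return label.length > 0 && !label.includes(".");
}

// Returns pin patterns that no configured URL can reach (dead entries an
// auditor would otherwise have to reason about) and hosts contacted with no pin.
function auditPins(conf) {
  const hosts = conf.urls.map((u) => new URL(u).hostname);
  const patterns = Object.keys(conf.pins);
  return {
    unused: patterns.filter((p) => !hosts.some((h) => hostMatches(p, h))),
    unpinned: hosts.filter((h) => !patterns.some((p) => hostMatches(p, h))),
  };
}

console.log(auditPins(sampleConf));
```

Run as a build-time check, a non-empty `unused` list fails the build before dev-only entries reach the shipped configuration.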

#21 Updated by ma1 2016-11-09 18:25:39

  • Assignee changed from ma1 to intrigeri
  • QA Check changed from Dev Needed to Ready for QA

I had left them because JSON does not support comments but I wanted to 1) help testing 2) showcase the pinner capabilities beyond the current configuration.
In the last commit the “dirty” data in conf.json has gone in a new “conf.json.sample” file, which is ignored by the build script.
Does it look OK now?

#22 Updated by intrigeri 2016-11-09 19:29:14

  • Assignee changed from intrigeri to ma1
  • QA Check changed from Ready for QA to Dev Needed

> In the last commit the “dirty” data in conf.json has gone in a new “conf.json.sample” file, which is ignored by the build script.
> Does it look OK now?

Yes!

But that last commit brings in lots of unrelated changes, including some that IMO we don’t want in Git (if you don’t know about git add -p, give it a try: you’ll love it, and reviewers of code bases you work on will too!); so I’ll go off-topic here, just as much as that commit did. Possibly unwanted changes:

  • addition of bootstrap.js and install.rdf: was this intended? If yes, then I guess that HACKING needs to be updated accordingly;
  • addition of lib/mirror-dispatcher.js: do we really want to embed a copy of this library here? I could live with that if you prefer it this way, but then each import should be made in an atomic commit, that makes it clear which exact commit of the upstream mirror-dispatcher Git repo was used when importing, otherwise it’ll be unclear what state the embedded code copy is at, and it would increase the chances that someone mistakenly starts hacking on that file in the wrong place.

Also, BTW, it’s not news but I don’t understand why we are tracking a build product (www/dave.xpi) inside the very Git repo it’s built from.

If these issues can all easily be handled right now, fine! Otherwise just let me know, and then I’ll file a separate ticket about them, so that we don’t get confused by discussing them on this (unrelated) ticket.

#23 Updated by sajolida 2016-11-10 16:32:02

  • blocked by deleted (Bug #11300: Have stable version of DAVE out of development channel)

#24 Updated by anonym 2016-12-14 20:11:21

  • Target version changed from Tails_2.9.1 to Tails 2.10

#25 Updated by anonym 2017-01-24 20:48:49

  • Target version changed from Tails 2.10 to Tails_2.11

#26 Updated by intrigeri 2017-03-03 08:08:34

  • Target version changed from Tails_2.11 to Tails_2.12

Hi Giorgio! Can you please take a look at my comment from early November? For now I mainly want to agree on a set of tasks to do so I can create the corresponding tickets, and then we can share the work among whoever feels responsible.

#27 Updated by intrigeri 2017-04-20 06:53:49

  • Target version changed from Tails_2.12 to Tails_3.0

#30 Updated by sajolida 2017-05-29 16:35:51

  • Private changed from No to Yes

I’ve seen it but thought it was not really urgent.

#31 Updated by intrigeri 2017-05-29 17:05:40

> I’ve seen it but thought it was not really urgent.

OK, fair enough. This has been waiting for 7 months, so +/- 1 month is not a deal breaker :)

Now, you’ve made this ticket private, so I believe Giorgio can’t see it anymore, which won’t help him work on it. I don’t feel comfortable reverting this change you made, so please do it yourself if it was a mistake.

#32 Updated by sajolida 2017-06-02 17:15:10

  • Private changed from Yes to No

Oops, putting this ticket “Public” again so ma1 can see it :)

#33 Updated by intrigeri 2017-06-10 18:03:36

  • Target version changed from Tails_3.0 to Tails_3.1

I’m not counting on this being fixed in the next 3 days, so postponing. sajolida: I’ll leave it to you to manage your contractor wrt. expectations and deadlines, but given the remaining issues are technical ones that I raised, I’m happy to take care of the code review :) And if this remains unaddressed for too long, IMO reassign to our new DAVE maintainer, and draw whatever conclusions are needed (I’d rather see this fixed by anyone soonish than seeing it open for 6+ more months, given what remains to do is trivial cleanup).

#34 Updated by ma1 2017-06-11 05:54:56

Hi people, I’m sorry this slipped through the cracks, but I’ve been very very busy with NoScript lately. This week I need to release some fixes deemed urgent for the Tor Browser as well, but I promise to look into this immediately after that. I apologize again.

#35 Updated by Anonymous 2017-06-30 10:46:48

Hi ma1, can you tell us when you’ll be able to get back to this? Thanks a lot!

#36 Updated by ma1 2017-06-30 21:29:08

u wrote:
> Hi ma1, can you tell us when you’ll be able to get back to this?

I’m releasing NoScript 5.0.6 today and I’ll be on a plane back from San Francisco tomorrow, so I’ll realistically do it on Monday.

#37 Updated by ma1 2017-07-03 22:25:02

  • QA Check changed from Dev Needed to Info Needed

Finally I could get to this, sorry for having dragged it so far.
May I have a recap of the issues left to be addressed yet? Are those from comment #22 only (yes, I probably just messed up the final, hurried commit with unneeded files)?
What’s currently the most up-to-date or otherwise useful repository to work on?
Thank you!

#38 Updated by intrigeri 2017-07-04 08:18:54

  • QA Check changed from Info Needed to Dev Needed

Thanks Giorgio for coming back to this :)

> May I have a recap of the issues left to be addressed yet? Are those from comment #22 only (yes, I probably just messed up the final, hurried commit with unneeded files)?

Yes, that’s all.

> What’s currently the most up-to-date or otherwise useful repository to work on?

Please work in your own repo (tails@git.tails.boum.org:ma1/download-and-verify-extension).

Other remotes you might want to add:

#39 Updated by ma1 2017-07-04 20:45:50

  • Assignee changed from ma1 to intrigeri
  • QA Check changed from Dev Needed to Ready for QA

https://git-tails.immerda.ch/ma1/download-and-verify-extension/commit/?id=6ab989ef3a03b6044a54dc495ab726d42886a16b

#40 Updated by intrigeri 2017-07-05 08:24:55

  • Assignee changed from intrigeri to anonym

Reassigning to the new maintainer of DAVE :)

#42 Updated by intrigeri 2017-07-05 16:46:59

  • Target version changed from Tails_3.1 to Tails_3.2

(Taking into account anonym’s availability.)

#43 Updated by intrigeri 2017-09-07 08:24:27

  • Priority changed from Normal to Elevated
  • Target version changed from Tails_3.2 to Tails_3.3

I suggest you ignore DAVE until the 3.2 release and then put it on your list of top priorities for the 3.3 cycle.

#44 Updated by intrigeri 2017-11-06 15:29:51

  • Target version changed from Tails_3.3 to Tails_3.5

I suspect DAVE v2 will make this obsolete, so postponing.

#45 Updated by anonym 2017-12-04 10:39:35

  • Status changed from In Progress to Rejected
  • Assignee deleted (anonym)
  • % Done changed from 60 to 0
  • QA Check deleted (Ready for QA)

intrigeri wrote:
> I suspect DAVE v2 will make this obsolete, so postponing.

Yup => rejected.