Bug #15998
Update design doc for Tails Verification
100%
Description
Reviewer and rubber-duck: intrigeri
Subtasks
Related issues
Related to Tails - |
Resolved | 2018-11-29 |
History
#1 Updated by Anonymous 2018-09-28 10:43:36
- Parent task set to
Bug #15994
#2 Updated by intrigeri 2018-10-11 09:03:55
- Description updated
#3 Updated by Anonymous 2018-11-15 15:05:23
- Assignee deleted (
sajolida)
I’m taking this one from sajolida as agreed by email.
#4 Updated by Anonymous 2018-11-15 15:12:49
Made a small modification in tails.git|8cea8886ef
#5 Updated by Anonymous 2018-12-11 17:14:56
- Status changed from Confirmed to In Progress
#6 Updated by Anonymous 2018-12-11 18:38:10
- related to
Bug #16171: Get our master branch ready for IDF v2 and new Tails Verification extension added
#7 Updated by Anonymous 2018-12-11 18:39:48
- Assignee set to intrigeri
- QA Check set to Ready for QA
- Feature Branch set to tails.git:features/15998+verificationextdoc
#8 Updated by Anonymous 2018-12-13 11:19:55
- Parent task changed from
Bug #15994toFeature #15292
#9 Updated by intrigeri 2018-12-16 11:43:05
- Target version changed from Tails_3.11 to Tails_3.12
#10 Updated by intrigeri 2018-12-17 14:09:56
- Feature Branch changed from tails.git:features/15998+verificationextdoc to features/15998+verificationextdoc
#11 Updated by intrigeri 2018-12-17 15:50:25
- Assignee deleted (
intrigeri) - QA Check changed from Ready for QA to Dev Needed
Looks good!
Typos: “tagets”, “manifest.js”, “supportin”
“the extension does not verify if a release is obsolete or not” is debatable: as long as we advertise only current releases in our IDF, the extension won’t successfully verify an obsolete one, so de facto it does verify if a release is obsolete. I would remove it but if you see value in mentioning our — somewhat vague — plans on this front (Bug #16200) here, please rephrase so that the wording correctly reflects what we currently have.
In “Example of an image description file”, please add a USB image so it’s clear how this new format supports multiple installation paths… which is the whole point :)
I’d rather see the “More complex verification mechanisms […]” paragraph updated (removing the “built into Tails Installer” link should be enough) than fully removed: that’s where we acknowledge the main limitation of our current implementation, which is important in a security analysis.
OT on this ticket, possibly a fallout of the port to WebExtensions, but trivial to fix while we’re at it: do we really support Firefox 45+ and Chrome 22+? download.js
requires newer versions.
About “except for scripts that are injected via background scripts”: does script-src 'self'
in content_security_policy
really apply only to those, and not to the code loaded via content scripts?
It would be nice to merge our integration branch into yours, so that any merge conflict is identified and resolved at the best possible time.
Finally, before submitting for QA again, please build the website locally, fix the Markdown syntax errors and make sure the page renders fine: for example, the IDF example does not render correctly.
#12 Updated by Anonymous 2018-12-17 17:08:32
intrigeri wrote:
> Looks good!
Thanks.
> Typos: “tagets”, “manifest.js”, “supportin”
ack
> “the extension does not verify if a release is obsolete or not” is debatable: as long as we advertise only current releases in our IDF, the extension won’t successfully verify an obsolete one, so de facto it does verify if a release is obsolete. I would remove it but if you see value in mentioning our — somewhat vague — plans on this front (Bug #16200) here, please rephrase so that the wording correctly reflects what we currently have.
ack
> In “Example of an image description file”, please add a USB image so it’s clear how this new format supports multiple installation paths… which is the whole point :)
ack!
> I’d rather see the “More complex verification mechanisms […]” paragraph updated (removing the “built into Tails Installer” link should be enough) than fully removed: that’s where we acknowledge the main limitation of our current implementation, which is important in a security analysis.
ack
> OT on this ticket, possibly a fallout of the port to WebExtensions, but trivial to fix while we’re at it: do we really support Firefox 45+ and Chrome 22+? download.js
requires newer versions.
I’m not sure I like the idea of having versions in that document at all. The requirements of download.js do not apply to the extension IMO. I’ve thus replaced this by linking the most important API needed.
> About “except for scripts that are injected via background scripts”: does script-src 'self'
in content_security_policy
really apply only to those, and not to the code loaded via content scripts?
I can actually run the extension without this permission. It was needed because background scripts directly modify a page and readded to master, hence my understanding is what I wrote there. But I would need to dive into this more to understand it better.
> It would be nice to merge our integration branch into yours, so that any merge conflict is identified and resolved at the best possible time.
sure.
> Finally, before submitting for QA again, please build the website locally, fix the Markdown syntax errors and make sure the page renders fine: for example, the IDF example does not render correctly.
:/
#13 Updated by intrigeri 2018-12-17 17:32:55
>> OT on this ticket, possibly a fallout of the port to WebExtensions, but trivial to fix while we’re at it: do we really support Firefox 45+ and Chrome 22+? download.js
requires newer versions.
> I’m not sure I like the idea of having versions in that document at all. The requirements of download.js do not apply to the extension IMO. I’ve thus replaced this by linking the most important API needed.
Agreed.
>> About “except for scripts that are injected via background scripts”: does script-src 'self'
in content_security_policy
really apply only to those, and not to the code loaded via content scripts?
> I can actually run the extension without this permission. It was needed because background scripts directly modify a page and readded to master, hence my understanding is what I wrote there. But I would need to dive into this more to understand it better.
I suspect that what happens is:
- if we had no background scripts, we would not need this relaxed CSP at all; I think that’s confirmed by your testing report
- but we have background scripts, so we need this relaxed CSP… which incidentally applies to content scripts as well
If that’s correct (who knows, I might have guessed right ;) then let’s make the wording clear about what the CSP applies to, and optionally mention why we had to relax it in the first place.
#14 Updated by Anonymous 2018-12-17 17:51:31
> I suspect that what happens is:
>
> * if we had no background scripts, we would not need this relaxed CSP at all; I think that’s confirmed by your testing report
> * but we have background scripts, so we need this relaxed CSP… which incidentally applies to content scripts as well
>
> If that’s correct (who knows, I might have guessed right ;) then let’s make the wording clear about what the CSP applies to, and optionally mention why we had to relax it in the first place.
Modified this.
#15 Updated by Anonymous 2018-12-17 17:52:20
- Feature Branch changed from features/15998+verificationextdoc to feature/15998+verification_ext_design
As I do not fancy taking care of PO file conflicts, I’ve created another branch based on the integration branch and manually imported the design doc there.
#16 Updated by Anonymous 2018-12-17 17:57:43
- Assignee set to intrigeri
- QA Check changed from Dev Needed to Ready for QA
#17 Updated by intrigeri 2018-12-19 08:16:13
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
Applied in changeset commit:tails|23485181c12b90c0c888560b4b8484b7cd68cce0.
#18 Updated by intrigeri 2018-12-19 08:19:02
- Assignee deleted (
intrigeri) - QA Check changed from Ready for QA to Pass
Good job, merged into the integration branch \o/
#19 Updated by intrigeri 2018-12-19 08:19:43
> Feature Branch changed from features/15998+verificationextdoc to feature/15998+verification_ext_design
=> deleted the now obsolete branch so Jenkins stops trying to build it.