Feature #16128
Move the verification JavaScript from the verification extension to the page itself
0%
Description
Nothing in https://tails.boum.org/contribute/design/verification_extension/ actually prevents us from including the code to verify Tails ISO images directly on our website. The extension does not seem to provide any particular benefit (since it’s been rewritten at least) over using the forge library and the verification code directly in the browser. As we use native Web APIs from the browser, we have access to the File objects and could even create a drag & drop area for the files to check.
The extension does not protect from MITM (then everything would be MITM’ed) and it does not protect from phishing (somebody who creates a webpage called tails.boum.org using weird Unicode can always have a Let’s Encrypt certificate for their domain and pretend that everything is working well).
I’ve re-read the above-mentioned design document and I cannot see any benefit in maintaining an extension currently.
Here is a proposal of iterations to get this done:
Iteration #1
- have a security discussion
- if we agree on security: move the code to the website without changing the current setup (we would change some button texts but not fundamentally modify the layout and functioning of this page)
This means keeping the same interactions:
1. The user downloads the file
2. The user clicks on “Verify Tails 3.13…”
- implementation-wise this could be done in a prototype at first
- review and modify carefully our Cross-origin policies, so that threat H (in the blueprint) is mitigated.
- Check if caching of JS files on the server poses a problem
- properly deprecate the extension and make people aware that it’s unsupported and it does not fire on the page (need to research mechanisms to do that)
- Update the design documentation
At this point we’ll already be able to see the benefits of the replacement in terms of usage on the number of downloads. We’ll also be in a better position to guess how much improvement we can hope from the on-the-fly verification.
We could also
- have an unreleased proof-of-concept on the feasibility of on-the-fly verification. So we’re better armed to evaluate the cost of a second iteration.
Hourly budget estimation: 60 hrs in total for everyone involved
Iteration #2
- revamp visually + user testing
- implement on-the-fly verification
- if needed at this point: more code
Hourly budget estimation: 40 hrs in total for everyone involved
Subtasks
Feature #17564: Consider using AIVWD from Meixel Tech. to replace our verification extension | Needs Validation | intrigeri | 0 |
Related issues
Related to Tails - | Resolved | 2018-09-28 |
Related to Tails - Feature #16091: Rethink our caching of static (CSS, JavaScript, more?) files | Confirmed | 2018-11-02 |
History
#1 Updated by Anonymous 2018-11-15 15:19:32
- QA Check set to Info Needed
I’m assigning this to @sajolida for comments on what I might have missed.
#2 Updated by Anonymous 2018-11-15 15:20:17
I’m eventually going crazy but we could even have verify.tails.boum.org on a different subdomain :))
#3 Updated by Anonymous 2018-11-16 11:56:43
- related to Bug #15995: Have Tails Verification handle IDFs with several Tails installation paths (ISO/IMG) added
#4 Updated by Anonymous 2018-12-05 16:11:35
Another thing that just came to my mind: if we actually manage to drop the extension and have this code in a library and loaded on our website (like the mirror-dispatcher code), we might be able to allow people to validate downloads in Safari and newer versions of IE. Behold! I think this would be a great improvement for users.
Both these browsers seem to support one basic thing we use in the code: https://developer.mozilla.org/en-US/docs/Web/API/FileReader.
I propose to write a PoC at some point, so we can test this.
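The in-page check discussed in the description and in the comment above, as an added example (not part of this ticket and not Tails' verification code): a `File` or `Blob` is matched against an IDF that lists several installation paths, by size first and then by SHA-256. The IDF field names, `SAMPLE_IDF`, `sha256Hex` and `verifyImage` are assumptions made for illustration, and WebCrypto with `Blob.arrayBuffer()` stands in for forge and `FileReader`.

```javascript
// Constructed sample IDF. Field names are assumed for illustration; the
// "images" are the strings "abc" (3 bytes) and a 4-byte file, not Tails files.
const SAMPLE_IDF = {
  installations: [{
    version: "0.0-example",
    "installation-paths": [
      { type: "iso", "target-files": [{ size: 3,
        sha256: "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" }] },
      { type: "img", "target-files": [{ size: 4,
        sha256: "0000000000000000000000000000000000000000000000000000000000000000" }] },
    ],
  }],
};

// Hex SHA-256 of a Blob/File using only native Web APIs.
async function sha256Hex(blob) {
  // WebCrypto digest() is one-shot, so the whole file is buffered in memory.
  // Hashing a full-size image chunk by chunk needs an incremental hash
  // implementation instead (the role forge plays in the ticket).
  const subtle = globalThis.crypto?.subtle ??
    (await import("node:crypto")).webcrypto.subtle; // fallback for older Node.js
  const digest = await subtle.digest("SHA-256", await blob.arrayBuffer());
  return Array.from(new Uint8Array(digest),
    b => b.toString(16).padStart(2, "0")).join("");
}

// Compare a user-supplied file against every target file listed in the IDF.
async function verifyImage(file, idf) {
  const candidates = idf.installations
    .flatMap(inst => inst["installation-paths"])
    .flatMap(path => path["target-files"].map(t => ({ type: path.type, ...t })));
  // Cheap check first: a truncated or unrelated download fails on size alone,
  // without reading the file.
  const sameSize = candidates.filter(t => t.size === file.size);
  if (sameSize.length === 0) return { status: "size-mismatch" };
  const actual = await sha256Hex(file);
  const match = sameSize.find(t => t.sha256.toLowerCase() === actual);
  return match
    ? { status: "ok", type: match.type }
    : { status: "checksum-mismatch", actual };
}
```

In a page, the `file` argument would be `input.files[0]` from a file input or `event.dataTransfer.files[0]` from a drop handler.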
#7 Updated by intrigeri 2018-12-08 07:49:52
https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/ suggests that our extension might start supporting Microsoft Edge for free at some point, although it’s not clear whether the promised increased compatibility will include Web Extensions.
#8 Updated by sajolida 2019-01-28 18:49:17
- Target version set to Tails_3.13
#9 Updated by sajolida 2019-02-23 10:17:46
- Status changed from Confirmed to In Progress
- Assignee deleted (sajolida)
- Target version deleted (Tails_3.13)
- QA Check deleted (Info Needed)
We started discussing this with Ulrike and Enrico and they will lead the process.
#11 Updated by Anonymous 2019-03-20 13:16:06
- Description updated
- Status changed from In Progress to Confirmed
#12 Updated by Anonymous 2019-03-20 13:17:22
- Description updated
#13 Updated by Anonymous 2019-03-20 13:31:45
Sent public call for security people: http://lists.autistici.org/message/20190320.132313.7c24cc99.en.html (and fwding in private to jv & co6).
#14 Updated by Anonymous 2019-04-16 14:05:32
- Target version set to Tails_3.14
There is progress on the discussion, so I’m now setting a target version to get back to it.
#15 Updated by Anonymous 2019-04-26 12:45:17
- Description updated
#16 Updated by Anonymous 2019-04-26 12:46:01
- related to Feature #16091: Rethink our caching of static (CSS, JavaScript, more?) files added
#17 Updated by Anonymous 2019-04-26 13:05:11
- Target version deleted (Tails_3.14)
There is no schedule for this yet.
#18 Updated by sajolida 2019-05-03 10:11:09
- Subject changed from Consider abandoning the Verification Extension to Consider moving the verification JavaScript from the verification extension to the page itself
#19 Updated by sajolida 2019-07-22 17:44:12
- Tracker changed from Bug to Feature
- Subject changed from Consider moving the verification JavaScript from the verification extension to the page itself to Move the verification JavaScript from the verification extension to the page itself
The “Consider” part is done: http://lists.autistici.org/message/20190503.102700.7833e583.en.html. Renaming this ticket accordingly (it has useful implementation plans so I’m not closing it).
#20 Updated by Anonymous 2019-10-21 11:45:08
- Assignee deleted ()
#22 Updated by sajolida 2020-01-04 14:59:56
- Assignee set to intrigeri
We discussed who could work on this in accounting.git:meetings/notes/2020-01-04.mdwn. The next step is for intrigeri.
#23 Updated by intrigeri 2020-01-11 16:47:58
- Type of work changed from Research to Communicate
I’ve emailed the developer to see how/when the next step could happen.