Feature #17259

Update Thunderbird design doc

Added by segfault 2019-11-25 20:57:54 . Updated 2019-11-30 20:14:58 .

Status:
Resolved
Priority:
Normal
Assignee:
intrigeri
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
feature/17219-replace-torbirdy
Type of work:
Contributors documentation
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

The “3.6.14 Thunderbird” section of our design doc says that we use TorBirdy and describes what TorBirdy does. We will have to update that section.


Subtasks


Related issues

Related to Tails - Bug #17277: Make the Thunderbird autoconfig wizard not trust the result of DNS requests In Progress
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by intrigeri 2019-11-28 14:45:10

#2 Updated by intrigeri 2019-11-28 14:45:20

  • Type of work changed from Code to Contributors documentation

#3 Updated by intrigeri 2019-11-29 07:32:04

  • Assignee set to intrigeri

#4 Updated by intrigeri 2019-11-29 08:16:40

  • Feature Branch set to feature/17219-replace-torbirdy

#5 Updated by intrigeri 2019-11-29 08:55:35

  • Status changed from Confirmed to In Progress

Applied in changeset commit:tails|d72ed15ef43776c9b287a18e38a91180c975aaff.

#6 Updated by intrigeri 2019-11-29 08:58:20

  • Status changed from In Progress to Needs Validation
  • Assignee changed from intrigeri to segfault

#7 Updated by segfault 2019-11-30 18:29:11

  • Status changed from Needs Validation to Confirmed
  • Assignee changed from segfault to intrigeri

Regarding this:

Thunderbird is configured to generate `Message-ID` headers using
the hostname part of the sender's email address, which does not
leak usage of the PELD nor any user location information.

IIUC, this is about this patch to Thunderbird:

https://bugzilla.mozilla.org/show_bug.cgi?id=902580

It does not require setting a preference, so I think it’s incorrect to state that Thunderbird leaks this information by default. I would remove that paragraph.

Regarding “For example, it trusts the result of DNS requests”, I’m not sure which of our patches you are referring to. Is this about the oauth2 thing?

#8 Updated by intrigeri 2019-11-30 18:39:09

  • Status changed from Confirmed to In Progress

Applied in changeset commit:tails|bb687de86efeb57828e3366bc48d524e638fd1e3.

#9 Updated by intrigeri 2019-11-30 19:21:26

  • related to Bug #17277: Make the Thunderbird autoconfig wizard not trust the result of DNS requests added

#10 Updated by intrigeri 2019-11-30 19:24:53

> Regarding this:

>

> Thunderbird is configured to generate `Message-ID` headers using
> the hostname part of the sender's email address, which does not
> leak usage of the PELD nor any user location information.
> 

> IIUC, this is about this patch to Thunderbird:

> https://bugzilla.mozilla.org/show_bug.cgi?id=902580

I think there are two aspects:

  • That patch addresses the “user location information” aspect, as it avoids leaking the local time in the “local” part of the Message-ID (what’s before the \). So I've dropped this obsolete claim of ours. * That patch does not address the "usage of the PELD" aspect, because at least in this patch, the hostname is still leaked after the \. To ensure we don’t make erroneous claims and that we don’t regress, I think we should:
    • Verify whether Torbirdy in Tails 4.0 indeed replaced this with “the hostname part of the sender’s email address”; if it did not, stop here
    • Check what’s happening in practice on this branch; if it’s worse than 4.0, we have a regression
    • Ideally, check what’s happening in practice with pristine Thunderbird 68 outside of Tails; that’s in case we need to compare to support our claim that Thunderbird does not do what we want by default.

At this point, I’m fine with removing the claims we’re not sure are correct.
What I’m more concerned about is the risk of regression compared to 4.0.

> Regarding “For example, it trusts the result of DNS requests”, I’m not sure which of our patches you are referring to. Is this about the oauth2 thing?

I think something went wrong, see Bug #17277 :(

I’m inclined to leave the design doc as-is for now but I’m fine if you prefer to drop this probably erroneous claim of ours (and we may revert that after Bug #17277 solves the problem).

#11 Updated by segfault 2019-11-30 19:31:23

intrigeri wrote:
> * That patch does not address the “usage of the PELD” aspect, because at least in this patch, the hostname is still leaked after the \@. To ensure we don’t make erroneous claims and that we don’t regress, I think we should:
> Verify whether Torbirdy in Tails 4.0 indeed replaced this with “the hostname part of the sender’s email address”; if it did not, stop here
> Check what’s happening in practice on this branch; if it’s worse than 4.0, we have a regression
> Ideally, check what’s happening in practice with pristine Thunderbird 68 outside of Tails; that’s in case we need to compare to support our claim that Thunderbird does not do what we want by default.

Makes sense. I will do that now.

> At this point, I’m fine with removing the claims we’re not sure are correct.

I see you did that already on the feature branch.

> What I’m more concerned about is the risk of regression compared to 4.0.

Agreed.

> > Regarding “For example, it trusts the result of DNS requests”, I’m not sure which of our patches you are referring to. Is this about the oauth2 thing?
>
> I think something went wrong, see Bug #17277 :(

Oh.

> I’m inclined to leave the design doc as-is for now but I’m fine if you prefer to drop this probably erroneous claim of ours (and we may revert that after Bug #17277 solves the problem).

Sure, lets leave it as is until we know what happened.

#12 Updated by intrigeri 2019-11-30 19:42:35

  • Assignee changed from intrigeri to segfault

#13 Updated by segfault 2019-11-30 20:07:57

  • Status changed from In Progress to Needs Validation
  • Assignee changed from segfault to intrigeri

> * Verify whether Torbirdy in Tails 4.0 indeed replaced this with “the hostname part of the sender’s email address”; if it did not, stop here
> * Check what’s happening in practice on this branch; if it’s worse than 4.0, we have a regression
> * Ideally, check what’s happening in practice with pristine Thunderbird 68 outside of Tails; that’s in case we need to compare to support our claim that Thunderbird does not do what we want by default.

For all three of 4.0, an image built from this branch (commit f4df8536c19a81300915003cad332f9a101eeae4), and Thunderbird 68 from Sid without TorBirdy installed, the Message-ID is of the form <f53156f3-ccbc-d884-1cd7-a2742c19b15briseup.net>@. So I removed the claim that Thunderbird leaks information in this header by default.

#14 Updated by intrigeri 2019-11-30 20:14:59

  • Status changed from Needs Validation to Resolved

> For all three of 4.0, an image built from this branch (commit f4df8536c19a81300915003cad332f9a101eeae4), and Thunderbird 68 from Sid without TorBirdy installed, the Message-ID is of the form <f53156f3-ccbc-d884-1cd7-a2742c19b15briseup.net>@. So I removed the claim that Thunderbird leaks information in this header by default.

Excellent :))