Feature #6149
Wait for Torbirdy patches design documentation
100%
Description
wait for the design documentation for Torbirdy patches (Feature #6150) (asked on 2013-01-29 in <8538xk1i8q.fsf@boum.org>
).
Subtasks
Related issues
Related to Tails - |
Resolved | 2015-05-29 |
History
#1 Updated by Tails 2013-07-18 11:48:20
- Parent task set to
Feature #6150
#2 Updated by intrigeri 2013-07-19 02:41:52
- Priority changed from Normal to High
#3 Updated by intrigeri 2013-07-19 09:43:05
- Starter set to Yes
#4 Updated by intrigeri 2013-07-28 07:25:18
Some explanation for these patches was posted on upstream bug tracker. See parent ticket.
#5 Updated by sajolida 2014-01-04 01:25:39
- Starter changed from Yes to No
#6 Updated by BitingBird 2014-06-09 09:54:52
- Subject changed from wait for Torbirdy patches design documentation to Wait for Torbirdy patches design documentation
#7 Updated by sajolida 2014-07-10 20:23:22
- Priority changed from High to Normal
#8 Updated by intrigeri 2014-08-12 13:44:58
- Category set to 212
#9 Updated by intrigeri 2015-05-29 12:38:38
- Assignee deleted (
None) - Target version set to 246
- Parent task changed from
Feature #6150toFeature #7064 - Type of work changed from Wait to Communicate
#10 Updated by sajolida 2015-08-09 08:39:20
Marked as blocked by #8668 as a child of Feature #6154.
#11 Updated by Anonymous 2015-10-27 07:35:32
- Assignee set to intrigeri
- QA Check set to Info Needed
Hi,
may you please modify the link in the description so that i can access it?
Thanks!
#12 Updated by intrigeri 2015-10-27 14:37:13
- Assignee deleted (
intrigeri) - QA Check changed from Info Needed to Dev Needed
> may you please modify the link in the description so that i can access it?
This is the <8538xk1i8q.fsf
boum.org>@ email Message-Id. Apparently the importation to Redmine entity-encoded bits of it. My preferred web search engine points me to https://www.mail-archive.com/tails-dev@boum.org/msg02504.html. Good enough for your needs?
#13 Updated by Anonymous 2015-10-27 14:51:14
Great, thanks!
#14 Updated by sajolida 2015-11-27 04:45:35
- Target version changed from 246 to Tails_2.0
#15 Updated by intrigeri 2015-12-15 05:09:13
https://mailman.boum.org/pipermail/tails-icedove/2015-November/000069.html might be relevant here.
#16 Updated by Anonymous 2015-12-17 09:52:08
There is no real design documentation.
Simply requirements and notes from tagnaq’s paper.
Problems identified in Thunderbird which Torbirdy seeks to address
- Thunderbird discloses machine specific clock information (section 3.5.3 and 3.5.4)
- Thunderbird may discloses the underlying OS (section 3.5.6)
- Thunderbird requests a website in cleartext at startup, disclosing its version, OS, language and buildid (section 3.6.1)
- Thunderbird stores and submits an identifying HTTP cookie with a lifetime of five years to Mozilla (section
3.6.4) - Thunderbird discloses the email address in cleartext to the exit node and the network (section 3.6.5)
- Thunderbird retrieves mail server configurations from a remote server over an insecure channel (section 3.6.5)
- Thunderbird leaks DNS requests and TCP connections (section 3.6.5)
- Enigmail leaks DNS requests (section 3.6.6)
- Enigmail may disclose all keyIDs in the keyring to the exit node and the network (section 3.6.6)
- Thunderbird may disclose local paths to the IMAP server (section 4.1.4)
- Thunderbird insecurely handles certain mail header and opens the browser without the user’s consent (section 4.1.4)
- an attacker might be able to determine Thunderbird’s approximate version (section 4.1.6)
How Torbirdy seeks to address these problems
Modifications
- remove possibility to load website at startup including “whatsnew” page (3.6.1)
- replace autoconfiguration with manual configuration (3.6.5)
- boundary string without prefix in any case (3.5.6)
- stripe Mozilla specific header from incoming mails (4.1.4)
- intercept any call to open an external application (4.2.1)
- implement per account proxy settings including a global proxy for non-mail traffic (4.2.2)
- implement time-offset fingerprint prevention (4.2.3) > partly accepted, partly pending upstream patch
Configuration options
All options are enabled by default.
- “make ’connection security’ mandatory”
- “use common fingerprint” (4.2.4)
- “HSTS state reset on shutdown”
- “ignore MDN requests silently”
- “disable HTML parsing”
- “do not display attachments inline”
- “make URLs in emails not clickable”
- “display warning when setting up an IMAP account”
- “display warning if multiple accounts share the same proxy”
- “display warning when adding attachment”
The Torbirdy developers ask that “somebody” checks the code against these requirements.
#17 Updated by Anonymous 2015-12-17 10:14:52
- related to
Feature #9493: Write Icedove manual tests for common usecases and security requirements added
#18 Updated by Anonymous 2015-12-18 07:44:06
- Status changed from Confirmed to Resolved
I think this ticket can be closed now. The 2 patches there were to be merged upstream have been and I doubt that anybody will write any more design documentation. As said by Sukhbir on tails-icedove@, they did not take any notes about it and would need a code review at some point.
#19 Updated by intrigeri 2016-05-10 04:29:31
- Assignee deleted (
) - % Done changed from 0 to 100