Feature #6158

Fix secure Icedove autoconfig wizard in Tails

Added by Tails 2013-07-18 12:01:24 . Updated 2016-05-24 20:13:46 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

100%

Feature Branch:
feature/6154-secure-autoconfig-in-icedove
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Email Client
Deliverable for:
268

Description

research why the account creation wizard fails on our custom packages built with this patchset (in feature/icedove), in Tails. Lack of MX query support, perhaps? Keeping in mind that the idea of securing that wizard is to stop trusting DNS, if Feature #6070 is needed to fix this problem, then it’s part of this deliverable.


Subtasks


Related issues

Related to Tails - Feature #6070: Support arbitrary DNS queries Confirmed
Related to Tails - Feature #6369: Build Debian packages of Icedove 38 with our patches / create proper branch situation Resolved 2013-10-16

History

#1 Updated by intrigeri 2013-07-19 02:43:46

  • Priority changed from Normal to High

#2 Updated by BitingBird 2014-06-20 13:22:53

  • Subject changed from fix secure Icedove autoconfig wizard in Tails to Fix secure Icedove autoconfig wizard in Tails
  • Starter set to No

#3 Updated by sajolida 2014-07-10 20:23:42

  • Priority changed from High to Normal

#4 Updated by intrigeri 2014-08-11 12:58:46

This might be a duplicate of Feature #6157, actually.

#5 Updated by intrigeri 2014-08-12 13:44:24

  • Category set to 212

#6 Updated by BitingBird 2015-01-04 02:53:18

  • related to Feature #6157: Fix re-test in secure Icedove autoconfig wizard added

#7 Updated by intrigeri 2015-01-04 12:46:14

  • related to deleted (Feature #6157: Fix re-test in secure Icedove autoconfig wizard)

#8 Updated by intrigeri 2015-05-29 12:32:48

  • Assignee set to kytv
  • Target version set to 246

#9 Updated by intrigeri 2015-05-29 12:33:05

  • blocks #8668 added

#10 Updated by intrigeri 2015-05-29 12:42:55

  • Description updated

#11 Updated by sajolida 2015-11-27 04:45:17

  • Target version changed from 246 to Tails_2.0

#12 Updated by Anonymous 2015-12-22 06:57:14

  • Target version changed from Tails_2.0 to Tails_2.2

#13 Updated by Anonymous 2015-12-22 07:06:57

  • Target version changed from Tails_2.2 to Tails_2.0

This should actually be done for the release of 2.0 (without the need to be merged into 2.0) so that we can have a working PoC for 2.2.

#14 Updated by intrigeri 2015-12-22 09:31:21

> This should actually be done for the release of 2.0 (without the need to be merged into 2.0) so that we can have a working PoC for 2.2.

I guess you meant “so that we can have a working PoC for 2.0”, since the goal is to have something good enough to ship in 2.2, while the PoC should be done during the 2.0 cycle.

#15 Updated by kytv 2015-12-25 08:38:25

Are packages (or git repositories) with the Secure Autoconfig Wizard available? As I see it (perhaps wrongly) that there’s nothing for me to fix until vendor.name being set to Tails gives us the Secure Wizard.

I don’t think I can do anything with this until that time…or am I sadly mistaken?

#16 Updated by Anonymous 2015-12-30 04:38:03

The patchset is now in icedove:secure_account_creation-38.0_b2-1. However, keep in mind that these are the patches applied directly to the upstream source. So if you make any modification, please tell me about it, so that I can apply this to the debian/patches I am currently working on.

#17 Updated by Anonymous 2015-12-30 04:39:01

  • related to Feature #6369: Build Debian packages of Icedove 38 with our patches / create proper branch situation added

#18 Updated by kytv 2016-01-06 14:29:06

  • Target version changed from Tails_2.0 to Tails_2.2

#19 Updated by intrigeri 2016-01-06 16:20:15

  • Target version changed from Tails_2.2 to Tails_2.0

Same here, I think I’ve mislead you somewhat early today, when I asked you to update your Icedove tickets. Sorry about that!

According to the timeline proposed on https://mailman.boum.org/pipermail/tails-icedove/2015-December/000108.html, we want a working PoC of the wizard ready during the 2.0 release cycle, so I think this ticket needs to stay on the 2.0 board for now.

Another option, which is rather what I was implicitly suggesting, would be to make it explicit (by creating new tickets) that the PoC is for 2.0, and that the goal is to have it merged for 2.2.

#20 Updated by Anonymous 2016-02-05 16:46:55

  • Target version changed from Tails_2.0 to Tails_2.2

#21 Updated by Anonymous 2016-02-24 11:23:32

  • Target version changed from Tails_2.2 to Tails_2.3

#22 Updated by anonym 2016-03-09 03:33:56

  • Status changed from Confirmed to In Progress
  • Assignee changed from kytv to anonym
  • % Done changed from 0 to 30
  • Feature Branch set to feature/6154-secure-autoconfig-in-icedove

I’ve built packages with the patches applied and done some minimal integration work (mostly fighting with the strange way TorBirdy reads “seeded” prefs) and it actually seems to work. Out of the four methods we allow, I’ve verified that fetching the config from disk and guessing works. In the Onion Circuits view I could wee that the other two methods (fetch from the service provider, and Mozilla’s database) were tried, so I guess they work as well.

#23 Updated by anonym 2016-03-09 03:40:15

  • Type of work changed from Research to Code

Tails wrote:
> research why the account creation wizard fails on our custom packages built with this patchset (in feature/icedove), in Tails. Lack of MX query support, perhaps? Keeping in mind that the idea of securing that wizard is to stop trusting DNS, if Feature #6070 is needed to fix this problem, then it’s part of this deliverable.

It’s unclear to me which parts of the automatic configuration the above refers to, but let’s look at the different cases:

  • If it was only the guessing-part, then it is fixed since we added the patch that enables SOCKS support for it.
  • If it also referred to the service provider and Mozilla database lookups, then I have no clue, but they seemingly work now (see previous comment).
  • Regarding MX queries, our patches disables that.

I believe this concludes the research part of this, so => Code.

#24 Updated by anonym 2016-04-20 10:56:47

  • Target version changed from Tails_2.3 to Tails_2.4

#25 Updated by anonym 2016-05-24 20:13:46

  • Status changed from In Progress to Resolved
  • Assignee deleted (anonym)
  • % Done changed from 30 to 100