Re: [Tails-dev] ISO verification

2015-07-07 Thread intrigeri
Hi, sajolida wrote (03 Jul 2015 08:38:25 GMT) : > intrigeri: >> sajolida wrote (04 Mar 2015 17:43:01 GMT) : > You're answering here a quite old message of mine Yep, sorry about that. Your reply makes it clear that I should have re-read the blueprint and relevant threads more carefully before both

Re: [Tails-dev] ISO verification

2015-07-07 Thread Giorgio Maone
On 07/07/2015 18:06, intrigeri wrote: Are you saying that any other website that's been loaded in the current session could alter the result of this verification? That sounds very bad... >>> That is what I would assume until some experts in this field tell me >>> that browsers are sa

Re: [Tails-dev] ISO verification

2015-07-07 Thread intrigeri
Hi, Giorgio Maone wrote (07 Jul 2015 23:24:07 GMT) : > So, just to be clear, *web pages cannot interfere in any way* with the > result of the verification performed by the browser add-on, except if > there are bugs in the add-on itself (very unlikely, since its code is > gonna be relatively simpl

Re: [Tails-dev] ISO verification

2015-07-09 Thread Giorgio Maone
> Can a web page (and scripts it may be running) loaded in a given > browser tab interfere in any way with the content of another tab? Only if it's same origin with that tab, or the content of the other tab opts-in for some form of cross-domain communication, or it's been opened with window.open()

Re: [Tails-dev] ISO verification

2015-07-09 Thread sajolida
intrigeri: > Hi, > > sajolida wrote (03 Jul 2015 08:38:25 GMT) : >> intrigeri: >>> sajolida wrote (04 Mar 2015 17:43:01 GMT) : >> You're answering here a quite old message of mine > > Yep, sorry about that. Your reply makes it clear that I should have > re-read the blueprint and relevant threads

Re: [Tails-dev] ISO verification

2015-07-17 Thread intrigeri
Hi, Giorgio Maone wrote (09 Jul 2015 07:22:52 GMT) : >> Can a web page (and scripts it may be running) loaded in a given >> browser tab interfere in any way with the content of another tab? > Only if it's same origin with that tab, or [...] Thanks a lot for these explanations! This addresses my r

Re: [Tails-dev] ISO verification

2015-08-01 Thread sajolida
intrigeri: > Giorgio Maone wrote (09 Jul 2015 07:22:52 GMT) : >>> Can a web page (and scripts it may be running) loaded in a given >>> browser tab interfere in any way with the content of another tab? >> Only if it's same origin with that tab, or [...] > > Thanks a lot for these explanations! This

Re: [Tails-dev] ISO verification

2015-08-04 Thread intrigeri
sajolida wrote (31 Jul 2015 14:14:28 GMT) : > intrigeri: >> Giorgio Maone wrote (09 Jul 2015 07:22:52 GMT) : Can a web page (and scripts it may be running) loaded in a given browser tab interfere in any way with the content of another tab? >>> Only if it's same origin with that tab, or [.

Re: [Tails-dev] ISO verification

2015-09-16 Thread sajolida
sajolida: > Giorgio Maone: >> On 04/03/2015 19:46, sajolida wrote: >>> I tried to interrupt a download of the ISO with Tor Browser and, >>> indeed, it's not possible to continue it. >> >> This seems due to a misconfiguration of your mirrors setup. >> Specifically, I've tried to manually resume an i

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-03 Thread intrigeri
Hi, [@dkg: I know you read the last, but in this email there's one question for you, and I would be sad if you missed it, so Cc'ing you explicitly. Look for your handle below.] sajolida wrote (07 Feb 2015 14:03:15 GMT) : > ISO verification > I'm only commenting on that part for

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-03 Thread Giorgio Maone
Hi, On 03/03/2015 21:01, intrigeri wrote: >> - #8849: Technical specifications for ISO verification extension >> (me, Giorgio, and probably intrigeri). More on that in a bit. > Now switching to this, since I think my deadline for reviewing this > was... yesterday. I'll assume that > https://tail

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-03 Thread Daniel Kahn Gillmor
On Tue 2015-03-03 21:01:55 +0100, intrigeri wrote: > [@dkg: I know you read the last, but in this email there's one > question for you, and I would be sad if you missed it, so Cc'ing you > explicitly. Look for your handle below.] thanks for the explicit callout, this thread has been mostly off my

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-04 Thread sajolida
intrigeri: > I have a suggestion regarding the Seahorse Nautilus doc: > > * we could advise users to set up something to automatically refresh > their GnuPG keyring (the OpenPGP best practices has several > suggestions iirc, and not just parcimonie). This addresses the > revocation handling p

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-04 Thread sajolida
Giorgio Maone: >> The Goals section doesn't address interrupted / paused / retried >> downloads. Is dealing with that a goal or a non-goal? Thanks for joining this thread Giorgio! > Considering the size of the ISO and the download speeds many Tor users > may experience I'd consider it a goal (and

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-04 Thread sajolida
Daniel Kahn Gillmor: > thanks for the explicit callout, this thread has been mostly off my > radar, and i might not have noticed it otherwise. Thanks for joining in! As explained to intrigeri earlier on, I planned to send you an explicit request about that after a first validity check by him (whic

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-04 Thread Giorgio Maone
On 04/03/2015 19:46, sajolida wrote: > I tried to interrupt a download of the ISO with Tor Browser and, > indeed, it's not possible to continue it. This seems due to a misconfiguration of your mirrors setup. Specifically, I've tried to manually resume an interrupted download from Firefox's downloa

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-06 Thread sajolida
Giorgio Maone: > On 04/03/2015 19:46, sajolida wrote: >> I tried to interrupt a download of the ISO with Tor Browser and, >> indeed, it's not possible to continue it. > > This seems due to a misconfiguration of your mirrors setup. > Specifically, I've tried to manually resume an interrupted downloa

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-03-10 Thread sajolida
I did a bunch of commits on the extension blueprint (7f21644..d61d155) and consider this security discussion pretty much closed. I still need to: #8855: Design data source for ISO verification extension #9028: Check whether Tor Browser disables automatic updates #9043: Check whether BitTorrent cl

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-07-01 Thread intrigeri
FYI, the only email dkg answered from this thread was when I explicitly Cc'd him, so I bet he missed this one: sajolida wrote (04 Mar 2015 19:44:22 GMT) : > Daniel Kahn Gillmor: >> thanks for the explicit callout, this thread has been mostly off my >> radar, and i might not have noticed it otherwi

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-07-01 Thread intrigeri
sajolida wrote (04 Mar 2015 17:43:01 GMT) : > intrigeri: >> The Goals section doesn't address interrupted / paused / retried >> downloads. Is dealing with that a goal or a non-goal? [...] > Still, our goals make it clear that we want to be able to distinguish > between corrupted and interrupted dow

Re: [Tails-dev] ISO verification [Was: [RFC] UX for ISO verification + Tails Installer + full upgrades]

2015-07-03 Thread sajolida
intrigeri: > sajolida wrote (04 Mar 2015 17:43:01 GMT) : >> intrigeri: Allow users who are downloading using BitTorrent to do the same level of verification as people downloading through their browser. >>> >>> IMO that could be demoted to a "bonus" goal, if time resources become >>> scarc