Hi!

On 22.03.19 15:47, Nicolas Vigier wrote:
> On Fri, 22 Mar 2019, sajolida wrote:
>> Whether there's a security loss for the 20% of users who currently use
>> the extension is precisely what we are asking more opinions about.
>>
>> For example, jvoisin's primary reaction on this thread is that it
>> doesn't have any significant downsides.
>>
>> What makes you think that doing the verification in the extension would
>> be less secure than doing the verification on the website? What kind of
>> attacks are we talking about here?
> 
> It seems the extension is currently only downloading an unsigned json
> file with https to verify the checksums, so someone controlling the
> website could return a bad json file.

Correct.

> So it looks like in both cases (the extension and javascript on the
> website), an attacker controlling the website could make it possible
> for a bad download to be seen as good by the user. However there is
> still maybe a small difference:
>  - with javascript on the website, an attacker controlling the website
>    could just disable the verification and claim that any download is
>    good.

Correct.

>  - with the extension, an attacker controlling the website could replace
>    the json file with one that contains a different checksum. However
>    they have to guess what the user will have downloaded from the mirrors,
>    which is maybe not easy if only one of the mirrors is bad. This is
>    assuming that the extension only accepts json files containing only
>    one value for the checksum, which I don't know if it is the case.

The JSON file can technically contain many files and their checksums.

> With the current version of the extension, I don't know if it makes a
> big difference. However if there was some plan to improve the extension
> to make it verify gpg signatures, then that could be a big difference.

Agreed.

Cheers!
u.
_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.
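
The difference discussed in the last exchange above, as an added example that is not part of the original thread and is not the Tails extension's code: an unsigned checksum file accepts whatever the website serves, while a signed one is rejected unless the pinned release key signed it. The descriptor layout, the function names and the sample data are constructed for illustration, and Ed25519 from Node's `crypto` module stands in for the gpg signature mentioned in the thread.

```javascript
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Constructed sample data, not real Tails images.
const genuineImage = Buffer.from('constructed genuine image');
const tamperedImage = Buffer.from('constructed tampered image');

// Hypothetical descriptor layout: a list of file names with checksums.
const makeDescriptor = (...images) => JSON.stringify({
  files: images.map((img, i) => ({ name: `image-${i}.img`, sha256: sha256(img) })),
});

// Release key pair; only the public half ships inside the verifier (pinned).
const release = crypto.generateKeyPairSync('ed25519');
// Key pair of a party that controls the website but not the release key.
const intruder = crypto.generateKeyPairSync('ed25519');
const sign = (text, key) => crypto.sign(null, Buffer.from(text), key);

// Behaviour described in the thread: any JSON served over HTTPS is trusted.
function verifyUnsigned(descriptorJson, download) {
  const digest = sha256(download);
  return JSON.parse(descriptorJson).files.some((f) => f.sha256 === digest);
}

// With a signature check: the descriptor is rejected before it is parsed
// unless it was signed by the pinned release key.
function verifySigned(descriptorJson, signature, download) {
  const ok = crypto.verify(null, Buffer.from(descriptorJson), release.publicKey, signature);
  return ok && verifyUnsigned(descriptorJson, download);
}

const genuineDescriptor = makeDescriptor(genuineImage);
const genuineSig = sign(genuineDescriptor, release.privateKey);
// A replaced descriptor can list several checksums, so no guessing is needed.
const replacedDescriptor = makeDescriptor(genuineImage, tamperedImage);
const replacedSig = sign(replacedDescriptor, intruder.privateKey);
```
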
