u:
> Hi all,
>
> In summary of this discussion, I would conclude that we agree that we
> can and should abandon the Verification Extension and move the code to
> our website.
>
> Thank you all for your insightful ideas & comments.
Full ack.
Regarding JS caching:
- I agree with intrigeri that t
Hi all,
In summary of this discussion, I would conclude that we agree that we
can and should abandon the Verification Extension and move the code to
our website.
Thank you all for your insightful ideas & comments.
Cheers!
u.
___
Tails-dev mailing list
Hi!
On 26.04.19 14:51, intrigeri wrote:
> u:
>> On 16.04.19 14:29, intrigeri wrote:
>
>>> One rather minor implementation note, that's relevant in this context
>>> only because any software is only as secure as the _version run by
>>> actual users_: this migration increases the need to ensure web
Hi,
u:
> On 16.04.19 14:29, intrigeri wrote:
>> One rather minor implementation note, that's relevant in this context
>> only because any software is only as secure as the _version run by
>> actual users_: this migration increases the need to ensure web
>> browsers use the correct version of the
Hi!
On 16.04.19 14:29, intrigeri wrote:
> jvoisin:
>>> General security implications
>>> -
>>>
>>> The question we are asking ourselves is: are there any predictable
>>> downsides to move the verification code from an extension to the website?
>
>> I don't see any sign
Hi,
jvoisin:
>> General security implications
>> -
>>
>> The question we are asking ourselves is: are there any predictable
>> downsides to move the verification code from an extension to the website?
> I don't see any significant downsides.
I could not find any eith
sajolida:
> u:
>> We know from Javascript statistics of our download page that roughly
>> ~20% of the downloads of Tails images are verified by users using the
>> verification extension. The optional OpenPGP verification accounts for
>> 9% of downloads (computed using the number of downloads of the
Thanks to everyone for talking through the details.
On Fri 2019-03-22 15:47:23 +0100, Nicolas Vigier wrote:
> With the current version of the extension, I don't know if it makes a
> big difference. However if there was some plan to improve the extension
> to make it verify gpg signatures, then tha
u:
> On 26.03.19 12:01, sajolida wrote:
>> u:
>> It's good to see you on our discussion channels :)
>>
>>> On 22.03.19 15:47, Nicolas Vigier wrote:
On Fri, 22 Mar 2019, sajolida wrote:
> Whether there's a security loss for the 20% of users who currently use
> the extension is precisely
Hi!
On 26.03.19 12:01, sajolida wrote:
> u:
> It's good to see you on our discussion channels :)
>
>> On 22.03.19 15:47, Nicolas Vigier wrote:
>>> On Fri, 22 Mar 2019, sajolida wrote:
Whether there's a security loss for the 20% of users who currently use
the extension is precisely what
u:
> We know from Javascript statistics of our download page that roughly
> ~20% of the downloads of Tails images are verified by users using the
> verification extension. The optional OpenPGP verification accounts for
> 9% of downloads (computed using the number of downloads of the OpenPGP
> signa
u:
> On 22.03.19 02:24, Daniel Kahn Gillmor wrote:
>> Is the concern that it's too expensive to maintain both the extension
>> and the javascript going forward?
>
> Ideally we'd only maintain one of those, but I think your idea is good:
> if we could increase verification by having an internal mec
u:
> Hi!
Hi Nicolas,
It's good to see you on our discussion channels :)
> On 22.03.19 15:47, Nicolas Vigier wrote:
>> On Fri, 22 Mar 2019, sajolida wrote:
>>> Whether there's a security loss for the 20% of users who currently use
>>> the extension is precisely what we are asking more opinions ab
Hi!
On 22.03.19 02:24, Daniel Kahn Gillmor wrote:
> Is the concern that it's too expensive to maintain both the extension
> and the javascript going forward?
Ideally we'd only maintain one of those, but I think your idea is good:
if we could increase verification by having an internal mechanism,
Hi!
On 22.03.19 15:47, Nicolas Vigier wrote:
> On Fri, 22 Mar 2019, sajolida wrote:
>> Whether there's a security loss for the 20% of users who currently use
>> the extension is precisely what we are asking more opinions about.
>>
>> For example, jvoisin's primary reaction on this thread is that i
On Fri, 22 Mar 2019, sajolida wrote:
>
> Whether there's a security loss for the 20% of users who currently use
> the extension is precisely what we are asking more opinions about.
>
> For example, jvoisin's primary reaction on this thread is that it's
> doesn't have any significant downsides.
>
jvoisin:
>> General security implications
>> -
>>
>> The question we are asking ourselves is: are there any predictable
>> downsides to move the verification code from an extension to the website?
>
> I don't see any significant downsides.
Ok, that's a pretty straight-
Daniel Kahn Gillmor:
> hi all--
>
> thanks for bringing this discussion, and your reasoning for it, to the
> broader community.
:) Thanks for chiming in!
> On Wed 2019-03-20 14:25:50 +0100, u. wrote:
>> We know from Javascript statistics of our download page that roughly
>> ~20% of the downloads
> General security implications
> -
>
> The question we are asking ourselves is: are there any predictable
> downsides to move the verification code from an extension to the website?
I don't see any significant downsides.
I think that having the verification happening
hi all--
thanks for bringing this discussion, and your reasoning for it, to the
broader community.
On Wed 2019-03-20 14:25:50 +0100, u. wrote:
> We know from Javascript statistics of our download page that roughly
> ~20% of the downloads of Tails images are verified by users using the
> verificat
Hi security people,
after working on the Verification Extension for the USB image project, I
proposed to get rid of it and integrate the Javascript code that
performs the verification directly into our website [1].
Today I'm writing to you because we need your valuable input on the
security impli
21 matches
Mail list logo
