Hi, While working on the port of our verification extension to Web Extension, Uzair told us that the crypto primitives that we are using to do certification pinning are no longer available to Web Extensions:
https://mailman.boum.org/pipermail/tails-dev/2017-October/011800.html When discussing this with anonym on Monday we wondered why we had this certificate pinning in the first place. According to our thread modeling [1], the extension cannot protect from a man-in-the-middle attack on our website -- thread (B). As a MitM or exploit on our website could defeat any verification technique by providing simplified instructions or by faking ISO verification. [1]: https://tails.boum.org/blueprint/bootstrapping/extension/ But the certificate pinning done by the extension precisely tries to prevent such an attack, but only on the download of the ISO Description File [2]. So we're saying, on one hand, that we can't protect from a MitM on our website at large, but on the other hand, we're trying to protect against it by pinning the certificate on the download of this one file. That seems incoherent and unnecessary. [2]: https://tails.boum.org/install/v1/Tails/i386/stable/latest.yml So unless someone has a better rationale to keep the certificate pinning, we'll drop it in the migration. _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
