On Fri, 22 Mar 2019, sajolida wrote:
> Whether there's a security loss for the 20% of users who currently use
> the extension is precisely what we are asking more opinions about.
>
> For example, jvoisin's primary reaction on this thread is that it
> doesn't have any significant downsides.
>
> What makes you think that doing the verification in the extension would
> be less secure than doing the verification on the website? What kind of
> attacks are we talking about here?
It seems the extension is currently only downloading an unsigned JSON file over HTTPS to verify the checksums, so someone controlling the website could return a bad JSON file. So it looks like in both cases (the extension and JavaScript on the website), an attacker controlling the website could make it possible for a bad download to be seen as good by the user.

However, there is still maybe a small difference:

- With JavaScript on the website, an attacker controlling the website could just disable the verification and claim that any download is good.
- With the extension, an attacker controlling the website could replace the JSON file with one that contains a different checksum. However, they have to guess what the user will have downloaded from the mirrors, which is maybe not easy if only one of the mirrors is bad. This is assuming that the extension only accepts JSON files containing only one value for the checksum, which I don't know is the case.

With the current version of the extension, I don't know if it makes a big difference. However, if there was some plan to improve the extension to make it verify GPG signatures, then that could be a big difference.

Nicolas
Tails-dev mailing list: https://www.autistici.org/mailman/listinfo/tails-dev
