Re: [Tails-dev] ISO verification

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] ISO verification
sajolida wrote (31 Jul 2015 14:14:28 GMT) :
> intrigeri:
>> Giorgio Maone wrote (09 Jul 2015 07:22:52 GMT) :
>>>> Can a web page (and scripts it may be running) loaded in a given
>>>> browser tab interfere in any way with the content of another tab?
>>> Only if it's same origin with that tab, or [...]
>>
>> Thanks a lot for these explanations! This addresses my remaining
>> concerns on this topic :)
>>
>> I guess sajolida will want to capture this reasoning on the blueprint.


> I added this in our blueprint with commit 506ef9c, I'll push it soon.


> I also guess that we cannot protect from another malicious extension
> installed in the same browser. That's now attack [I] for which I wrote
> commit 7ae105b:


>     We are not considering an attacker who can:


>       - [I] Provide a malicious extension in the same browser as this
>         would have similar effects than attack [F].


> Correct me if I'm wrong.


Thanks! Added some minor fixes on top (673921f, 05e5c80, 5ee08ac).

Cheers,
--
intrigeri