Re: [Tails-dev] Security implications: moving code from Ver…

Author: u
Date:  
To: Daniel Kahn Gillmor, The Tails public development discussion list
Subject: Re: [Tails-dev] Security implications: moving code from Verification Extension to our website
Hi!

On 22.03.19 02:24, Daniel Kahn Gillmor wrote:

> Is the concern that it's too expensive to maintain both the extension
> and the javascript going forward?


Ideally we'd only maintain one of those, but I think your idea is good:
if we could increase verification by having an internal mechanism, this
would be an improvement. However, the question remains: what happens if
an attacker controls the website?

> If the expense of maintaining the extension is too much, i wonder
> whether image verification is the ultimate concern at all. For example,
> should we be considering other approaches like external, spot-checked
> download verification with monitoring and reporting, as some measure of
> resilience against non-targeted attack? (maybe this is already in place
> and i just don't know about it)


I'm not quite sure what you mean, but we regularly and automatically
check that all the mirrors serve correct images ({IMG, ISO} + SIG are
checked), independently of the individual verification that users should
do when downloading an image. But there might be a delay with us
reacting to this if a mirror is compromised.

Cheers!
u.