[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by kaepora):
Replying to [comment:26 mikeperry]:
> Unfortunately, putting Cryptocat into the default TBB is not zero
cost/zero risk. Here's a list of things that would make me feel better
about the decision.
>
> First and foremost, I'd want to be absolutely sure that it didn't
potentially expose even users who didn't use it to XUL XSS bugs or other
vulnerabilities. Related. I'd want to be sure the UI didn't confuse or
distract users who didn't know what it was for.
>
> Second, I am very concerned that there were XUL XSS bugs in the chat
windows. To me, that's a bad sign. Ideally, I'd like to see something on
your side (ie a tag in your bugtracker or some other document you wrote)
that enumerates the patches that resulted from your first audit.
The patches in which we fixed the audit bugs are enumerated (perhaps
incompletely) in this [https://blog.crypto.cat/2012/11/security-update-
our-first-full-audit/ blog post].
>
> Third, while it does look like the audit was extremely thorough, I think
I'd prefer a second one for this reason. XUL XSS is quite serious, and
since you're writing a network-facing app with lots of user and network
provided content, its critical that your code receives lots of this type
of review.
Very well. Who would you recommend to perform the second audit? If you can
give me a preferred auditor or a list of auditors that the Tor Project
would feel comfortable with, I have no problem getting in touch with them.
> I also want to feel sure you understand the issues and vulnerability
vectors here, so I can be confident they won't reappear in future versions
as you add features.
I can safely say that I strongly understand.
> Fourth, I guess I am mildly concerned about the crypto security. I don't
believe it's impossible to do crypto with JS, but I would prefer it if the
underlying primitive implementations also had a chance for review,
especially since our inclusion of this addon would probably be seen as
endorsement of its crypto and security by many.
Our OTR implementation has been reviewed. If there is a specific type of
further review you would wish to ask for, we can see it done.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs