Move the verification JavaScript from the verification extension to the page itself

Originally created by @Anonymous on #16128 (Redmine)

Nothing in https://tails.boum.org/contribute/design/verification_extension/ actually prevents us from including the code to verify Tails ISO images directly on our website. The extension does not seem to provide any particular benefit (since it’s been rewritten at least) over using the forge library and the verification code directly in the browser. As we use native Web APIs from the browser, we have access to the File objects and could even create a drag & drop area for the files to check.

The extension does not protect from MITM (then everything would be MITM’ed) and it does not protect from phishing (somebody who creates a webpage called tails.boum.org using weird unicode can always have a lets encrypt certificate for their domain and
pretend that everything is working well).

I’ve re-read the abovementioned design document and I cannot see any benefit in maintaining an extension currently.

Here is a proposal of iterations to get this done:

Iteration #1

have a security discussion
if we agree on security: move the code to the website without
changing the current setup (we would change some button texts but
not fundamentally modify the layout and functioning of this page)
This means keeping the same interactions:

# The user downloads the file
# The user clicks on “Verify Tails 3.13…”

- implementation-wise this could be done in a prototype at first
- review and modify carefully our Cross-origin policies, so that thread H (in the blueprint) is mitigated.
- Check if caching of JS files on the server poses a problem

properly deprecate the extension and make people aware that it’s
unsupported and it does not fire on the page (need to research
mechanisms to do that)
Update the design documentation

At this point we’ll already be able to see the benefits of the
replacement in terms of usage on the number of downloads. We’ll also be
in a better position to guess how much improvement we can hope from the
on-the-fly verification.

We could also

have an unreleased proof-of-concept on the feasibility of on-the-fly
verification. So we’re better armed to evaluate the cost of a second
iteration.

Hourly budget estimation: 60 hrs in total for everyone involved

Iteration #2

revamp visually + user testing
implement on-the-fly verification
if needed at this point: more code

Hourly budget estimation: 40 hrs in total for everyone involved

Subtasks

#17564 (closed)

Related issues

Related to #15995 (closed)
Related to #16091

_Originally created by @Anonymous on [#16128 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16128)_

Nothing in
<https://tails.boum.org/contribute/design/verification_extension/>
actually prevents us from including the code to verify Tails ISO images
directly on our website. The extension does not seem to provide any
particular benefit (since it’s been rewritten at least) over using the
forge library and the verification code directly in the browser. As we
use native Web APIs from the browser, we have access to the File objects
and could even create a drag & drop area for the files to check.

The extension does not protect from MITM (then everything would be
MITM’ed) and it does not protect from phishing (somebody who creates a
webpage called tails.boum.org using weird unicode can always have a lets
encrypt certificate for their domain and  
pretend that everything is working well).

I’ve re-read the abovementioned design document and I cannot see any
benefit in maintaining an extension currently.

Here is a proposal of iterations to get this done:

# Iteration #1

- have a security discussion
  - if we agree on security: move the code to the website without  
    changing the current setup (we would change some button texts but  
    not fundamentally modify the layout and functioning of this page)  
    This means keeping the same interactions:

\# The user downloads the file  
\# The user clicks on “Verify Tails 3.13…”

\- implementation-wise this could be done in a prototype at first  
\- review and modify carefully our Cross-origin policies, so that thread
H (in the blueprint) is mitigated.  
\- Check if caching of JS files on the server poses a problem

- properly deprecate the extension and make people aware that it’s  
    unsupported and it does not fire on the page (need to research  
    mechanisms to do that)
  - Update the design documentation

At this point we’ll already be able to see the benefits of the  
replacement in terms of usage on the number of downloads. We’ll also
be  
in a better position to guess how much improvement we can hope from
the  
on-the-fly verification.

We could also

- have an unreleased proof-of-concept on the feasibility of
    on-the-fly  
    verification. So we’re better armed to evaluate the cost of a
    second  
    iteration.

Hourly budget estimation: 60 hrs in total for everyone involved

# Iteration #2

- revamp visually + user testing
  - implement on-the-fly verification
  - if needed at this point: more code

Hourly budget estimation: 40 hrs in total for everyone involved

### Subtasks

- [ ] tails/tails#17564

### Related issues

- **Related to** tails/tails#15995
  - **Related to** tails/tails#16091

Edited May 15, 2020 by Anonymous

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.