Update our plans for securing Icedove's autoconfig wizard wrt. recent developments
Originally created by @intrigeri on #7064 (Redmine)
People from the Tor project have been (more or less independently) working on this topic too, and we should see what are their current take on it and results. In particular, they seem to have made good progress in communicating their needs to upstream, which we have until now totally failed at on this topic:
- https://bugzilla.mozilla.org/show_bug.cgi?id=669282 (resolved)
- https://trac.torproject.org/projects/tor/ticket/10836#comment:12 => partly resolved and merged upstream the rest is tracked by (Mozilla#971347)
- https://hg.mozilla.org/comm-central/rev/12401af31c63 -> A user preference can be set to disable ISP guessing config with this patch. However the advertised solution is in bug https://bugzilla.mozilla.org/show_bug.cgi?id=971347
- https://bugzilla.mozilla.org/show_bug.cgi?id=971347 - autoconfig vulnerable to active MITM attacks for all domains (including the ones in ISPDB)
- https://bugzilla.mozilla.org/show_bug.cgi?id=669238 -> [autoconfig] probing (guess config) does not use configured SOCKS proxy. Not a “problem” in Tails as non-Tor traffic will be dropped.
It might even be that some of our patches are now obsolete, who knows :)
This ticket covers:
- Understand what threat model our own patches address, and how successful they are in this respect
- Understand what threat model the Tor people’s patches address, and how successful they are in this respect
- Understand if these patchsets overlap and how
- Decide what patchset is higher priority, taking into account which one has the greatest chances to land upstream
Blueprint: https://tails.boum.org/blueprint/Return_of_Icedove__63__
Parent Task: #6154 (closed)
Subtasks
Related issues
- Related to #6156 (closed)
- Blocks #7746 (closed)
Edited by intrigeri