Merge remote-tracking branch 'origin/feature/7461-persistence.conf-in-whisperback...

[tails/lblissett.git] / wiki / src / blueprint / download_extension.mdwn

[[!meta title="Automatic ISO verification extension for Firefox"]]

We are planning to create a custom Firefox add-on to download and verify Tails
using SHA-256 checksum.

[[!toc]]

Objectives
==========

  - To fix the ISO verification method using Windows. It has been broken since
    Firefox 20.
  - To simplify the installation process by automating some ISO verification
    during the download process.

This would fix the main stumbling block for Tails verification (and thus
installation) for the vast majority of users.

Security considerations
=======================

  - People are downloading their ISO image from one of our mirrors. Those
    mirrors are run by volunteers and the content of what they serve is not
    authenticated.
  - On the other hand, the information served on tails.boum.org is
    authenticated through HTTPS.
  - Downloading Firefox and installing add-ons is also done through HTTPS on
    mozilla.org.
  - Forcing Firefox users who are downloading the ISO image through HTTP to
    verify its checksum can only increase the average level of verification
    that people do on Windows and Mac OS systems.
  - But HTTPS does not provide strong authentication. So our documentation
    should make that clear and keep providing instructions for authentication
    using OpenPGP but as an additional check.

<a id="scenario"></a>

Scenario
========

ISO download
------------

  - When the user clicks on the direct download button from the [[download
    page|download#index2h1]], Firefox proposes to install the extension.
  - The user allows the installation of the extension.
  - The extension starts the download and the user decides where to save it.
  - The webpage is modified and displays a progress bar of the download.
  - The user might or might not close the webpage.
  - The download also appears in the usual list of downloads of Firefox.

ISO verification
----------------

  - When the download finishes, the ISO verification starts.
  - The extension checks the size of the download to verify that the download
    was complete.
  - The extension compares the checksum of the ISO image to a checksum found on
    the website through HTTPS.
  - The extension displays the result to the user:
    - If the original webpage is still open, it now either:
      - Points the user to the installation documentation.
      - Proposes troubleshooting strategies.
    - Otherwise it shows the result in a popup message and points to the
      appropriate page.

Other desirable features
========================

  - Be able to use that extension, once installed to verify ISO images
    downloaded using BitTorrent for example.
  - Be able to use that extension to verify other ISO images, testing images,
    older ISO images, etc. In that case the user would be warned about the
    deprectated or experimental status of the ISO image.
  - Be able to use that extension to check the GPG signature. On top of
    verifying the checksum, this would provide TOFU authentication. Then, if the
    user downloads a genuine app and a genuine key on first use, then she will
    be protected from a later compromision of the HTTPS certificate of
    tails.boum.org.

Technical insight
=================

  - That technique should be multiplatform and work from TBB as well.
  - The extension can get the checksum and the URL of the ISO image from the
    `<div id="content">` in following static pages:
    - <https://tails.boum.org/inc/stable_i386_iso_url/>
    - <https://tails.boum.org/inc/stable_i386_hash/>
  - The same tricks should be used to get the file size.
    See [[!tails_ticket 7417]].