14:59:05 #startmeeting S27 02/11 14:59:05 Meeting started Tue Feb 11 14:59:05 2020 UTC. The chair is antonela. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:59:05 Useful Commands: #action #agreed #help #info #idea #link #topic. 14:59:10 hello 14:59:11 o/ 14:59:26 greets 14:59:26 o/ 14:59:30 o/ 14:59:32 our meeting pad here https://pad.riseup.net/p/s27-meeting-keep 15:00:08 o/ 15:00:20 hello 15:00:39 hi 15:00:40 pili is not online today but lets have this meeting to sync about updates and whatever needs to be discussed 15:01:39 antonela: wanna run the meeting? 15:01:48 should i try? how do we play it? 15:01:57 haha yes 15:02:03 i think updates are in the pad 15:02:07 so lets move to discussion items 15:02:13 ack 15:02:35 we have some tickets that need review 15:02:40 #19757 15:02:59 pospeselr or acat, could one of you take this review? 15:03:17 note that it is a second review without too many changes :) 15:03:26 :) 15:03:30 (since the previous patches) 15:03:42 i'll take a second look :) 15:03:47 thanks pospeselr! 15:04:03 after this review, will we have it in some nightly mcs? 15:04:39 that is up to sysrqb (when he merges it). but we can make sure he knows we want to see it soon 15:04:57 cool, we will ping sysrqb later so :) 15:04:59 #21952 15:05:38 matt has been reviewing it, but not sure if is done or not 15:05:39 acat? 15:07:27 next one is pospeselr's #32645 15:07:39 it might need some revision, but not completely sure tbh 15:08:02 mine will definitely need revision, did some testing yesterday and not getting the right icon in certain scenarios 15:08:28 but should hopefully have fix(es) up today or tomorrow depending 15:08:31 acat: are you waiting for matt? or do you need to push before next review? 15:08:44 pospeselr: nice, maybe mcs/brade can review it 15:08:53 (whoops) 15:09:36 hello :) 15:09:44 after that i'll move on to fixing the problem where we get those WARNING splash screens (I forget the ticket number but it's a child off of 32645's parent) 15:09:49 brade and I can review the fix for #32645 (we will wait for rev2) 15:10:27 thanks mcs and brade! 15:10:32 pospeselr: do you mean childs of #30025? 15:11:06 yeah i think so 15:11:10 one sec i can find it 15:11:14 i didn't start looking at the patch for onion-location, i only commented on the plan/proposal 15:11:38 but i should look at the code, and we can think about getting it into nightly 15:11:44 builds 15:11:52 sysrqb: nice 15:12:21 pospeselr: we can talk about O2A4 child tickets now, which is the next discussion item 15:13:01 we have a few child tickets there and could be nice if we discuss what can be done and what not considering the timeframe we have 15:14:06 aha 15:14:20 #13410 15:15:03 just for some additional context, we talked with the people handling the onions of some big orgs the other day, and all of them mentioned that the SSL cert situation is very troublesome for them 15:15:09 yeah that's the one 15:15:25 both because they need to pay for the EV cert, and also because it's a big procedure for them applying for certs 15:15:33 so this self-signed business becomes more important 15:15:45 i think this is doable 15:15:46 i'm wondering what's your plan with the SSL parts of O2A4 15:16:03 asn and i chatted yesterday about what we can accomplish during the s27 timeframe 15:16:26 there are two general ideas for this 15:16:37 one is likely significantly more difficult than the other 15:17:04 1) ignore tls warnings when the cert is for an onion address 15:17:33 2) treat tls certs that are signed by the onion service key as CA-signed (or something to that dffect) 15:17:37 *effect 15:17:58 (2) is likely an invasive change within necko and maybe nss 15:18:08 (1) seems potentially dangerous but easier 15:18:45 we'd need to be sure we catch any edge cases with (1), else we break tls security in tor browser, which would be...not so good 15:19:13 i'm not sure if (1) is any more dangerous than (2) for realistic threat models 15:19:14 but, to asn's question, we didn't really have a plan until yesterday 15:19:26 asn: could be 15:19:49 because it seems like (2) protects against some esoteric attacks, but both (1) and (2) allow people to do SSL with self-signs basically 15:19:55 what are the concerns with doing (1) ? 15:20:03 like how is it particularly dangerous? 15:20:35 can somoene take this question? 15:20:43 asn: i think i see (2) as less dangerous because it has a narrower scope - only if the cert is signed by the onion service key 15:20:45 i can give handwavey answer if needed 15:21:28 whereas (1) results in a valid certificate if the cert includes the onion address 15:21:42 i'm worrying about "attacker wants to impersonate FB. makes fake FB onion and corresponding onion-signed cert. points user to fake FB. user checks SSL indicators and think that they are secure because SSL is there and no warnings" 15:21:42 in practice, maybe they're basically the same 15:21:47 which is maybe your point 15:21:50 this attack neither (1) or (2) fixes 15:22:03 right 15:22:05 but i'm not sure if this attack is in the threat model. that is, if users actually look at SSL indicators 15:22:12 or if they should be looking at them 15:22:34 yeah, there isn't any validation and phishing is easier than before 15:23:15 oh i see 15:23:16 pospeselr: my concern with (1) is missing an edge case and allowing an invalid cert on a non-onion site when it shouldn't be allowed 15:23:45 alright i'll keep that in mind 15:23:59 as in, decreasing the security notion of TLS on the internet while decreasing warning fatigue on onion sites 15:24:30 but phishing is already an unsolvable problem 15:24:56 (in terms of what we have available today) 15:25:01 right 15:25:17 so i don't think the threat of phishing should prevent us from doing this 15:26:39 in any case, my feeling is that (1) is something we can implement within the next month or so 15:26:53 and (2) would likely take more time than that 15:27:20 plus tor will need to learn how to sign a tls cert 15:27:50 https://github.com/ahf/onion-x509 15:27:55 (maybe that only means it needs to accept a tls cert via commandline because it already signs certs internally) 15:27:56 this is a related project from ahf ^ 15:28:00 oh ho 15:28:16 but i think ahf told me that firefox esr does not support ed25519 ssl sigs? 15:28:22 oh, alrighty 15:28:42 oh, hrm. i don't know 15:29:18 i heard it may take a long time before browsers start accepting ed25519 sigs 15:29:23 there is an onion address somewhere on that github readme that don't work - it might be my stuff that don't work or it might be missing ed25519 15:29:29 but i haven't looked into it 15:30:21 no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP 15:30:47 hrm. yeah. okay, that's another reason for ignoring (2) right now 15:31:47 pospeselr: you'll start looking at this? 15:31:51 is (1) covered by #13410? 15:32:09 mcs: yeah I think so 15:32:21 cool, so we have a plan 15:32:21 or is it broader than just ignoring self-signed warnings? 15:32:22 yes i think so too 15:32:25 * antonela kind of 15:32:38 How would mixed-content warnings function if 1) was deployed? 15:32:54 o/ dennis 15:33:08 o/ (sorry for diving in with a question) 15:33:14 np :) 15:33:23 hi dennis_jackson 15:33:25 so for #32645 mixed-content warnings happen when an onion resource embeds non-onion resources 15:34:29 dennis_jackson: are you imagining the top level context was created over a tls connectoin from a (would-be) invalid cert 15:34:32 via the onion+warning icon in the toolbar 15:34:40 and that contains a resource loaded over http? 15:35:05 fwiw tons of work was done on this here: https://trac.torproject.org/projects/tor/ticket/23247#comment:20 15:35:15 I am also wondering about how trust relationships between domains and subdomains play with different onion services 15:35:16 including expectations and icons etc. 15:35:24 dennis_jackson: or top-level context is from a valid tls-cert connection and subresource is from a (would-be) invalid tls cert connection 15:35:29 isabela and tjr also helped back then 15:37:44 so, we also have #27636 and #30937 listed as a child 15:37:46 dennis_jackson: i think the answer depends on the scenario you're imagining 15:38:31 i think the plan is that #30937 is covered by #13410 15:39:08 great 15:40:02 sysrqb: Fair enough, I will go and read the various tickets and have a think 15:40:32 antonela: tom's comment on that ticket is interesting, though 15:40:36 " I had thought that SSL certs that cause errors should not cause an intersitial error; but they also should not get the Onion+Lock icon (and only the Onion icon.) " 15:40:50 the end part, in particular 15:41:16 it is, yes 15:41:42 i think I agree 15:41:58 a bit of a moot point, as onion+lock doesn't exist anymore after #32645 15:42:02 i think most of the discussion around which escenario should have which icon happened during #23247 - now we are iterating over it, not over the behaviour (mostly) but over the UI 15:42:14 and yes, onion+lock doesnt exist anymore 15:42:40 Mmm true 15:42:49 okay, good. carry on :) 15:43:20 other child tickets are UI related so i think we are good: #27657 15:43:31 and #26491 15:43:44 so, pospeselr will work on *all* this stuff? 15:43:57 are we planning to fix all of those for S27? what can we defer? 15:44:05 exactly, that is the question 15:44:16 I believe the bottom line is: s27 ends in April ? 15:44:27 we can't finish all of these tickets 15:44:33 yes it ends in April 15:45:07 I thought it ended March 31 15:45:12 mostlikely we'll only work on sponsor27-must tickets 15:45:28 brade: yeah April 1st or March 31st, correct 15:45:31 yes march 31st indeed 15:46:05 i dont think is a problem for otf to give an extension, but is pili who is running estimations and roadmaps 15:46:20 we don't have cycles for an extension 15:46:30 what it means? 15:46:44 unfortunately because we're migrating to Release cycle 15:46:57 i see 15:47:08 mmm okey 15:47:08 we don't have enough people for working on both s27 and the migration after March 15:47:16 maybe is something to discuss with pilar when she is back 15:47:45 yeah. i'll discuss this with her 15:47:51 anyways, we are close to the hour 15:47:56 anything else folks? 15:49:13 I would say #30090 can be closed 15:49:19 ahh thanks! 15:49:34 cool, will do it -- i wonder if we need some sort of documentation about it or if it is already done 15:49:35 unless something did not make it into the tor docs (but I think everything did or will once final patches land) 15:49:40 perfect 15:49:44 will close that one then 15:50:00 asn or dgoulet can confirm :) 15:50:09 i think it's good yes 15:50:51 great 15:51:27 there is also this discussion point: Should we contact SecureDrop folks to start setting some specs about the rulesets we need? 15:51:36 I am not sure what that refers to though 15:51:43 it is related with O2A5 15:51:53 https-e and onionnames 15:51:54 this might be a good idea tbh 15:51:54 ah 15:52:08 acat wanna use that thread we started to establish some contact with jenn? 15:52:56 ok, but what do we need to ask for exactly? 15:53:27 i guess we should tell them that in X weeks we will ask them for precise rulesets? 15:53:30 or for an update channel? 15:53:33 and how they envision it? 15:53:36 or how we envision it 15:54:43 ok, i assume asking for an update channel is reasonable, in a way that we can scope it to *.securedrop.tor.onion 15:54:50 right 15:54:53 exactly 15:55:29 good, will do 15:55:46 cool 15:56:24 i added a question about the nightlies but maybe we can talk about them next week once more patches are reviewed 15:56:55 (i'll be traveling next week, so might miss this meeting) 15:57:02 i think that is all then 15:57:06 antonela: thanks for running the meeting today 15:57:16 no problem, thanks for being around! 15:57:40 o/ 15:57:47 thanks all! 15:57:52 #endmeeting