Search Mailing List Archives
[liberationtech] Satori - distributed tamper-resistant circumvention tools
griffin at cryptolab.net
Sat May 3 10:33:46 PDT 2014
> Can you definitely not sign extensions with a private key?
This is not an option available to any of my extensions or apps,
unfortunately. There's reference to it in the documentation, but I've
never seen this as an option for apps or for my developer account.
> Could you then force the extension to check the key before updating
> itself? Probably not, it's probably well outside of the extension's
> control, and besides, if you're worried about an evil google, hey,
> they control the browser, so you've already lost.
Walled gardens have issues, this is definitely true.
I had a discussion with Google's Ryan Sleevi about adding the option
to check SSL certificates against a hardcoded set [webrequest api hook],
but they were clear that API access to the cert isn't going to happen.
(This had been an ongoing discussion some time ago with others involved
in circumvention). They instead want people to rely on certificate
pinning. In Firefox, certificates can be accessed by extensions and
checked against a list to detect MITM (CertPatrol being the most popular
way to do this). But it doesn't seem like this will ever really be an
option for Google developers, which is a bummer.
> Tom Ritter wrote:
> Except if Google really wanted they could push down an update to
> bypass that. It'd be more work though.
It's true. But that at least limits the attack surface to just one or
two parties, and as I said the change wouldn't go unnoticed. I'm fairly
paranoid about such things, particularly given that the project is
intended as a pointed "fuck you" to the surveillance state. ^_^;;
> Anyway, I don't think any of this makes the extension worthless, far
> from it, I just wanted to understand the attacks possible for
> malicious extension update and for malicious google. Thanks for your
Thanks for checking it out! ^_^
More information about the liberationtech