<div>Not sure the following is entirely clear or complete,</div><div>but I tried to capture the concerns from the meeting</div><div>and the ensuing discussion.</div><div><br></div><div>Hope it helps.</div><div><br></div><div>Arlo</div><div><br></div><div><br></div><div><span style="line-height: 12.800000190734863px; "><br></span></div><div><span style="line-height: 12.800000190734863px; ">Attentive Otter Plan</span></div><div><pre class="line-pre" style="line-height: 12.800000190734863px; width: 737.5999755859375px; margin-top: 0px; margin-bottom: 0px; padding: 0px; "><div class="line"><font face="Helvetica">====================</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica">Goal</font></div><div class="line"><font face="Helvetica">----</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Add instant-messaging to the Tor browser bundle in order to provide a secure</font></div><div class="line"><font face="Helvetica"> communication tool which supports the free flow of information online.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica">Overview</font></div><div class="line"><font face="Helvetica">--------</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Instantbird [1] is a cross-platform IM client based on Mozilla's XULRunner.</font></div><div class="line"><font face="Helvetica"> The following presents the necessary steps to turn Instantbird into the</font></div><div class="line"><font face="Helvetica"> future Tor Messenger.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica">A Way Forward</font></div><div class="line"><font face="Helvetica">-------------</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 1. Remove libpurple dependence</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> This is a trivial amount of work and changes to the build to support it would</font></div><div class="line"><font face="Helvetica"> be accepted upstream. They are already considering moving libpurple, and the</font></div><div class="line"><font face="Helvetica"> added protocols it supports, to an add-on for reasons of licensing/code</font></div><div class="line"><font face="Helvetica"> quality. JS implementations of the following protocols exist: XMPP, Google</font></div><div class="line"><font face="Helvetica"> Talk, Facebook, IRC, Twitter, with Yahoo landing soon and AIM/ICQ started but</font></div><div class="line"><font face="Helvetica"> further away. </font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 2. OTR support</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Instantbird currently lacks support for OTR. Two pieces are needed here: a</font></div><div class="line"><font face="Helvetica"> suitable OTR implementation, and an interface between the client and that</font></div><div class="line"><font face="Helvetica"> library (essentially, the role that pidgin-otr plays).</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> To get started, for the OTR library, a js-ctypes wrapper of libotr should be</font></div><div class="line"><font face="Helvetica"> used in conjunction with the message observer API. Code [2] from a few years </font></div><div class="line"><font face="Helvetica"> ago towards this end has been written but probably needs to be dusted off and</font></div><div class="line"><font face="Helvetica"> extended. An effort is underway at Mozilla to implement OTR in JS using NSS,</font></div><div class="line"><font face="Helvetica"> which could be dropped in as a replacement. A patch has been submitted [3]
but it looks far from complete, so I wouldn't expect it anytime soon. When
asked, they said it won't be ready for *a while*. Should the NSS
implementation fail to materialize entirely, they would still be willing to take the</font></div><div class="line"><font face="Helvetica"> ctypes wrapper and libotr, as it doesn't present any licensing issues. In his</font></div><div class="line"><font face="Helvetica"> analysis, Mike suggested converting the ctypes wrapper to an XPCOM</font></div><div class="line"><font face="Helvetica"> wrapper but it's unclear why that's preferable.</font></div><div class="line"><font face="Helvetica"><br></font></div><div class="line"><font face="Helvetica"> The front-end side seems like a larger undertaking. This involves not only</font></div><div class="line"><font face="Helvetica"> the interaction with the message observer API but handling the quirks in the</font></div><div class="line"><font face="Helvetica"> various protocols (think /me in IRC), authentication including SMP, and</font></div><div class="line"><font face="Helvetica"> importing and storing long-term keys. Sukhe estimated at least a month of</font></div><div class="line"><font face="Helvetica"> development time and expressed an interest in being the one to undertake it.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> On the bright side, the Instantbird team seems eager for OTR support and this </font></div><div class="line"><font face="Helvetica"> work will most likely be upstreamed.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 3. Disable logging</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> An add-on may be required to ensure certain desirable configurations, like</font></div><div class="line"><font face="Helvetica"> logging disable by default. A difference in goals between UX for the</font></div><div class="line"><font face="Helvetica"> average user and the TIMBB user may force us to maintain these changes.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 4. Tor controller</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Tor Launcher will be used as the controller. Sukhe has already reported</font></div><div class="line"><font face="Helvetica"> having this working.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Using only JS protocol implementations means all traffic goes through</font></div><div class="line"><font face="Helvetica"> nsIChannels, making proxy support fairly easy to verify. For DNS,</font></div><div class="line"><font face="Helvetica"> network.proxy.socks_remote_dns should be set. DNS SRV should not be an issue</font></div><div class="line"><font face="Helvetica"> seeing as how it isn't supported by Mozilla [4]. Should test for other</font></div><div class="line"><font face="Helvetica"> UDP traffic leaks.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 5. Messaging window</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Jail it to type=content. Preferably everything is displayed in plaintext,</font></div><div class="line"><font face="Helvetica"> with HTML disabled or at least sanitized with an XSS filter [5]. Disable JS</font></div><div class="line"><font face="Helvetica"> and other features. Make use of all the preferences from TorBirdy.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 6. Installer and updates</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Leverage the work that's already being done on Mozilla's updater for the TBB.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 7. Deterministic builds</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Deterministic builds for the TBB was a major undertaking. I can't imagine</font></div><div class="line"><font face="Helvetica"> this case being any different, less the experience and groundwork already</font></div><div class="line"><font face="Helvetica"> laid.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 8. Sandboxing</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Come up with a practical, cross-platform way to sandbox the application.</font></div><div class="line"><font face="Helvetica"> I don't have an answer here. Maybe you do.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 9. Audit</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> - Instantbird's render attack surface (content window, XSS filter, etc.)</font></div><div class="line"><font face="Helvetica"> - Crypto in NSS and how JS uses it</font></div><div class="line"><font face="Helvetica"> - Interface between the UI and OTR</font></div><div class="line"><font face="Helvetica"> - Proxy by-pass</font></div><div class="line"><font face="Helvetica"> - And more ...</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 10. Translations</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> Instantbird is available in 14 languages, including French and Spanish.</font></div><div class="line"><font face="Helvetica"> However, none are RTL and we want to support Arabic and Farsi. Messaging</font></div><div class="line"><font face="Helvetica"> should already work for RTL languagues though, they've fixed a few bugs</font></div><div class="line"><font face="Helvetica"> to ensure it, and reflecting the UI is reported to not be a ton of work.</font></div><div class="line"><font face="Helvetica"> They are definitely willing to accept patches here.</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> 11. Other considerations</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica"> - Disable Instantbird's built-in auto-updater and crash reporter</font></div><div class="line"><font face="Helvetica"> - For sure OTR on by default, but maybe disallow any non-OTR comm. entirely</font></div><div class="line"><font face="Helvetica"> - CA verification: TOFU mode? Pin popular domains?</font></div><div class="line"><font face="Helvetica"> - Disable older TLS/SSL suites</font></div><div class="line"><font face="Helvetica"> - Consider the interaction between all three Tor bundles (FF, TB, IM). Tor</font></div><div class="line"><font face="Helvetica"> Launcher could attempt to authenticate and read settings from an already</font></div><div class="line"><font face="Helvetica"> running control port.</font></div><div class="line"><font face="Helvetica"> - Choose a different default profile folder (to avoid picking up plugins</font></div><div class="line"><font face="Helvetica"> and other unsafe settings)</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica">References</font></div><div class="line"><font face="Helvetica">----------</font></div><div class="line"><font face="Helvetica"> </font></div><div class="line"><font face="Helvetica">[1] http://instantbird.com/</font></div><div class="line"><font face="Helvetica">[2] https://gitorious.org/fireotr/fireotr</font></div><div class="line"><font face="Helvetica">[3] https://bugzilla.mozilla.org/show_bug.cgi?id=779052#c20</font></div><div class="line"><font face="Helvetica">[4] https://bugzilla.mozilla.org/show_bug.cgi?id=14328</font></div><div class="line"><font face="Helvetica">[5] https://mxr.mozilla.org/comm-beta/source/chat/modules/imContentSink.jsm</font></div></pre></div>
<div></div>