autoconfig/ISPDB should be an official module and related Q's

Andrew Sutherland asutherland at asutherland.org
Mon Aug 26 20:10:28 UTC 2013


There doesn't appear to be a module corresponding to the ISPDB database 
entries or the helper web interface that was created.  We should likely 
create one for clarity.

From the r= lines on existing commits to 
http://svn.mozilla.org/mozillamessaging.com/sites/ispdb.mozillamessaging.com/trunk/ 
it looks like these are existing reviewers:
- BenB
- bwinton
- gozer
- sancus

There also seem to be some one-off reviewers, which seem to have been 
indicating the owner of the service or the supplier of the config or a 
tester of the config.


A few related questions, some of which may be answered by wiki pages or 
other existing docs that I was unable to find:

- Is 
http://svn.mozilla.org/mozillamessaging.com/sites/ispdb.mozillamessaging.com/trunk/ 
still the right repo?  The last commit appears to have been made Sep 6, 
2012.

- How does the ISPDB get propagated into production?

- What team within the Mozilla IT organization is responsible for it 
staying up?  Would it make sense to transfer responsibility under 
whoever runs the Firefox OS services?  Especially because Firefox OS 
devices get used around the world, my main concern would be making sure 
that we have the strongest uptime guarantee possible / the biggest pool 
of people on pager duty around the clock.  I'm not aware of any 
historical problems, and maybe there is already one global pool.  Either 
way, it would be great to get the autoconfig/ISPDB stuff listed on 
http://status.mozilla.com/ or what not.

- The attack tree for mobile Firefox OS devices that are using 
potentially suspect wi-fi and/or cellular data where it's feasible for 
attackers to set up fake cell towers is different than for Thunderbird.  
Thunderbird assumes a more trustworthy level of network connection.  
Since wide-spread DNSSEC support is unlikely in the immediate future, I 
could see us needing to re-visit how autoconfig is implemented for 
Firefox OS's e-mail client.  Part of the solution might be to use the 
autoconfig server as something resembling a second, more trusted level 
of information.  If your device's local network and the SSL-secured 
response from the autoconfig server agreed on the insecure DNS/HTTP 
lookups, that's reassuring data.

We would not want to use the mozilla server as the sole source of truth 
since creating a single point of attack is a bad idea.  And for 
simplicity and security audit purposes I would expect us to have the 
server still be based on a simple svn/hg/git checkout of static data so 
there's no dynamic app that could have security holes.  If there is 
continued interest in still supporting self-signed certificates, it 
could also make sense for the ISPDB entries to indicate that a self-signed 
certificate is known to be used and to include the exact key/fingerprint.

Other factors are a desire to potentially include ActiveSync entries in 
the database or DNS SRV byproducts, which we previously touched on in 
the "Adding Exchange ActiveSync configs to the Mozilla ISP DB?" thread 
late last year.

The question here is whether this use-case is different enough from 
Thunderbird's use-case that we should consider effectively forking the 
repo if we revisit the device's autoconfig setup and decide we do want a 
lot more?  I think the XML schema was forward-looking enough that this 
wouldn't be required, but since Firefox OS devices exist in such a 
different world, I think it's worth raising the question, especially 
because we would likely be doing a lot of automated-but-human-skimmed 
entry creation.  Also note that we may end up just installing the ISPDB 
entries on the device as a preliminary step in the future, albeit in a 
potentially more compressed representation.

Andrew
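
The cross-check proposed in the message above, as an added sketch that is not part of the original message or of any Mozilla code: it compares an autoconfig document found through the insecure local DNS/HTTP lookup with the one from the SSL-secured server, and treats a fingerprint recorded in the trusted entry as a pin. The sample documents are constructed, and the `<certFingerprint>` element and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample data. <certFingerprint> is a hypothetical element, not in the ISPDB schema.
TEMPLATE = """<clientConfig version="1.1"><emailProvider id="example.com">
  <incomingServer type="imap"><hostname>{host}</hostname><port>{port}</port>
    <socketType>{sock}</socketType>{extra}</incomingServer>
</emailProvider></clientConfig>"""
TRUSTED = TEMPLATE.format(host="imap.example.com", port=993, sock="SSL",
                          extra="<certFingerprint>AB:CD:EF:01</certFingerprint>")
LOCAL_OK = TEMPLATE.format(host="IMAP.example.com", port=993, sock="SSL", extra="")
LOCAL_TAMPERED = TEMPLATE.format(host="imap.example.net", port=143, sock="plain", extra="")

def servers(xml_text):
    """Map (direction, protocol) -> settings for every server element."""
    if "<!DOCTYPE" in xml_text:  # no DTDs/entities in network-supplied XML
        raise ValueError("DOCTYPE not allowed in autoconfig XML")
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag in ("incomingServer", "outgoingServer"):
            found[(el.tag, el.get("type"))] = {
                "hostname": el.findtext("hostname", "").strip().lower(),
                "port": int(el.findtext("port", "0")),
                "socketType": el.findtext("socketType", "").strip(),
                "fingerprint": el.findtext("certFingerprint"),
            }
    return found

def cross_check(local_xml, trusted_xml):
    """List every disagreement between the two sources; empty means they agree."""
    local, trusted = servers(local_xml), servers(trusted_xml)
    problems = [f"{k}: only one source lists this server" for k in local.keys() ^ trusted.keys()]
    for key in local.keys() & trusted.keys():
        for field in ("hostname", "port", "socketType"):
            if local[key][field] != trusted[key][field]:
                problems.append(f"{key} {field}: local={local[key][field]!r} "
                                f"trusted={trusted[key][field]!r}")
    return problems

def cert_acceptable(entry, presented_fp, chain_valid):
    """A pinned entry requires that exact fingerprint; otherwise require a valid CA chain."""
    norm = lambda fp: fp.replace(":", "").lower()
    if entry["fingerprint"]:
        return norm(presented_fp) == norm(entry["fingerprint"])
    return chain_valid

if __name__ == "__main__":
    print(cross_check(LOCAL_OK, TRUSTED))        # agreement
    print(cross_check(LOCAL_TAMPERED, TRUSTED))  # downgraded host, port and socketType
```

A non-empty result from `cross_check` means the local network and the autoconfig server disagree, which is the signal a client on an untrusted network would act on before sending credentials.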


