<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: autoconfig/ISPDB should be an official module and
related Q's</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Tue, 3 Sep 2013 07:51:14 -0700 (PDT)</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Philippe Chiasson <a class="moz-txt-link-rfc2396E" href="mailto:pchiasson@mozilla.com">&lt;pchiasson@mozilla.com&gt;</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>Ludovic Hirlimann <a class="moz-txt-link-rfc2396E" href="mailto:lhirlimann@mozilla.com">&lt;lhirlimann@mozilla.com&gt;</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<div><br>
<br>
--
<div>Philippe M. Chiasson</div>
<div>&lt;<a moz-do-not-send="true"
href="mailto:gozer@ectoplasm.org">gozer@ectoplasm.org</a>&gt;</div>
</div>
<div><br>
On 2013-09-02, at 5:28 AM, Ludovic Hirlimann &lt;<a
moz-do-not-send="true" href="mailto:lhirlimann@mozilla.com">lhirlimann@mozilla.com</a>&gt;
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
Can you reply for the propagation?<br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0"
cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>autoconfig/ISPDB should be an official module and
related Q's</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date:
</th>
<td>Mon, 26 Aug 2013 16:10:28 -0400</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From:
</th>
<td>Andrew Sutherland <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:asutherland@asutherland.org">&lt;asutherland@asutherland.org&gt;</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To:
</th>
<td><a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:tb-planning@mozilla.org">tb-planning@mozilla.org</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>There doesn't appear to be a module corresponding to the ISPDB database
entries or the helper web interface that was created. We should likely
create one for clarity.
From the r= lines on existing commits to
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://svn.mozilla.org/mozillamessaging.com/sites/ispdb.mozillamessaging.com/trunk/">http://svn.mozilla.org/mozillamessaging.com/sites/ispdb.mozillamessaging.com/trunk/</a>
it looks like these are existing reviewers:
- BenB
- bwinton
- gozer
- sancus
</pre>
</div>
</div>
</blockquote>
<div>Yes, I've been steadily reviewing these. Not entirely sure
why I ended up doing it, however.</div>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre>There also seem to be some one-off reviewers that seem like it was t
indicating the owner of the service or the supplier of the config or a
tester of the config.
A few related questions, some of which may be answered by wiki pages or
other existing docs that I was unable to find:
- Is
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://svn.mozilla.org/mozillamessaging.com/sites/ispdb.mozillamessaging.com/trunk/">http://svn.mozilla.org/mozillamessaging.com/sites/ispdb.mozillamessaging.com/trunk/</a>
still the right repo? The last commit appears to have been made Sep 6,
2012.
</pre>
</div>
</div>
</blockquote>
<div>That's the web app, now defunct.</div>
<div>The actual configuration is hosted under <a
moz-do-not-send="true" href="http://autoconfig.momo.com">autoconfig.momo.com</a>
under the same svn repo</div>
<br>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre>- How does the ISPDB get propagated into production?
</pre>
</div>
</div>
</blockquote>
<div>Cron job pushes trunk to production on a schedule (15 minute
intervals I believe)</div>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre>- What team within the Mozilla IT organization is responsible for it
staying up?</pre>
</div>
</div>
</blockquote>
<div>Falls under webops's responsibility now.</div>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre> Would it make sense to transfer responsibility under
whoever runs the Firefox OS services? Especially because Firefox OS
devices get used around the world, my main concern would be making sure
that we have the strongest uptime guarantee possible / the biggest pool
of people on pager duty around the clock.</pre>
</div>
</div>
</blockquote>
<div>A possibility. And the site itself is just a collection of
generated static XML files, so it's very simple.</div>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre> I'm not aware of any
historical problems, and maybe there is already one global pool. Either
way, it would be great to get the autoconfig/ISPDB stuff listed on
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://status.mozilla.com/">http://status.mozilla.com/</a> or what not.
</pre>
</div>
</div>
</blockquote>
<div>Good idea</div>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre>- The attack tree for mobile Firefox OS devices that are using
potentially suspect wi-fi and/or cellular data where it's feasible for
attackers to set up fake cell towers is different than for Thunderbird.
Thunderbird assumes a more trustworthy level of network connection.
Since wide-spread DNSSEC support is unlikely in the immediate future, I
could see us needing to re-visit how autoconfig is implemented for
Firefox OS's e-mail client. Part of the solution might be to use the
autoconfig server as something resembling a second, more trusted level
of information. If your device's local network and the SSL-secured
response from the autoconfig server agreed on the insecure DNS/HTTP
lookups, that's reassuring data.
We would not want to use the mozilla server as the sole source of truth
since creating a single point of attack is a bad idea. And for
simplicity and security audit purposes I would expect us to have the
server still be based on a simple svn/hg/git checkout of static data so
there's no dynamic app that could have security holes. </pre>
</div>
</div>
</blockquote>
<div>And that's how it's running right now.</div>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre> If there is
continued interest in still supporting self-signed certificates, it
could also make sense for the ISPDB entries to indicate that a self-signed
certificate is known to be used and to include the exact key/fingerprint.
</pre>
</div>
</div>
</blockquote>
<div>A good idea to extend the ispdb API</div>
<blockquote type="cite">
<div>
<div class="moz-forward-container">
<pre>Other factors are a desire to potentially include ActiveSync entries in
the database or DNS SRV byproducts, which we previously touched on in
the "Adding Exchange ActiveSync configs to the Mozilla ISP DB?" thread
late last year.
The question here is whether this use-case is different enough from
Thunderbird's use-case that we should consider effectively forking the
repo if we revisit the device's autoconfig setup and decide we do want a
lot more? I think the XML schema was forward-looking enough that this
wouldn't be required, but since Firefox OS devices exist in such a
different world, I think it's worth raising the question, especially
because we would likely be doing a lot of automated-but-human-skimmed
entry creation. Also note that we may end up just installing the ISPDB
entries on the device as a preliminary step in the future, albeit in a
potentially more compressed representation.
Andrew
</pre>
<br>
</div>
<br>
</div>
</blockquote>
<br>
</div>
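<div>The cross-check proposed in the thread, where a config found through insecure DNS/HTTP lookups is treated as reassuring only when the SSL-secured ISPDB copy agrees with it, sketched as an added example that is not part of the original messages or of any Mozilla code. The function names, the verdict strings and the sample documents are assumptions made for illustration; the XML follows the clientConfig layout used by the static ISPDB files.</div>

```python
import xml.etree.ElementTree as ET

def parse_servers(xml_text):
    """Return the set of (direction, protocol, host, port, socketType) in a clientConfig."""
    # Static config files need no DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in autoconfig XML")
    root = ET.fromstring(xml_text)
    servers = set()
    for direction in ("incomingServer", "outgoingServer"):
        for srv in root.iter(direction):
            servers.add((
                direction,
                srv.get("type", ""),
                (srv.findtext("hostname") or "").strip().lower(),
                int(srv.findtext("port") or 0),
                (srv.findtext("socketType") or "").strip().upper(),
            ))
    return servers

def cross_check(local_xml, ispdb_xml):
    """Compare a config found via insecure DNS/HTTP with the HTTPS ISPDB copy."""
    local = parse_servers(local_xml)
    if ispdb_xml is None or not local:
        return "unverified", sorted(local)  # nothing to corroborate against
    # Every locally discovered server must also appear in the trusted copy.
    conflicts = sorted(local - parse_servers(ispdb_xml))
    return ("conflict" if conflicts else "corroborated"), conflicts

# Constructed sample documents (example.com is a placeholder domain).
TEMPLATE = """<clientConfig version="1.1">
  <emailProvider id="example.com">
    <incomingServer type="imap">
      <hostname>{imap}</hostname><port>993</port><socketType>SSL</socketType>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>smtp.example.com</hostname><port>587</port><socketType>STARTTLS</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""
ISPDB_COPY = TEMPLATE.format(imap="imap.example.com")
LOCAL_SAME = TEMPLATE.format(imap="IMAP.example.com ")     # differs only in case/space
LOCAL_ALTERED = TEMPLATE.format(imap="imap.example.net")   # hostname changed in transit

if __name__ == "__main__":
    for name, doc in (("same", LOCAL_SAME), ("altered", LOCAL_ALTERED)):
        print(name, cross_check(doc, ISPDB_COPY))
```

<div>An "unverified" verdict keeps the ISPDB from becoming the sole source of truth: a domain with no ISPDB entry is not rejected, it simply gains no extra assurance.</div>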
<br>
</body>
</html>