Re: [T(A)ILS-dev] doc: warnings
On 23/04/11 07:44, intrigeri wrote:
> Hi,
>
> sajolida wrote (22 Apr 2011 15:22:01 GMT) :
>> I changed that and put every different warning section as h1.
>
> Well, actually you didn't:
>
>   '' = '# ' = 1st level
>   '' = '## ' = 2nd level
>
> I've fixed this.
>
>> There seems to be no clear preference on the wiki source between using '-'-style or '#'-style headers, Right?
>
> Right.
>
> I'm not convinced by commit 63259418 (SHA256 checking howto)'s current effects. As currently phrased in doc-rework, the download page puts SHA-256 checksum checking at exactly the same level as OpenPGP signature verification. Since the SHA-256 checksum file is likely to be fetched from the very same source as the ISO image, it feels wrong to me.
>
> This section's introduction reads:
>
>   It is important to check the integrity of the ISO image you downloaded to make sure that it is genuine and that the download went well.
>
> While we can put at the same level:
>
>   a. Checking the SHA-256 checksum
>   b. Checking the OpenPGP signature is *a* valid one (without more key or owner trust verification)
>
> = both make sure the downloaded ISO file is the one the *server* wanted us to get. This allows making sure the download went well, but *not* that the downloaded image is genuine.
>
> ... IMHO it's very different to check the OpenPGP signature is valid *and* produced by the Tails developers' private OpenPGP signing key. This is the only way to check the downloaded image is genuine.
>
> On the other hand, I see how hard it is to make this difference clear in documentation intended for a wide audience, without writing too much text nobody will read :/
>
> What do you and others think?

I agree with you and I shouldn't write that the howto as it is now allows to check the authenticity of the image. The only way to do that would be through OpenPGP with a trust path to Tails signing key.

I also agree that using SHA-256 checksums provided on the website or an OpenPGP key (or key number and fingerprint) downloaded from the same website has to be put at the same level: it makes you depend on the trust you can put in the website (which can range from zero if using HTTP to the trust you are willing to put in its SSL certificate if using HTTPS or the trust you put in the website not being hacked or modified).

Still, I would put forward in defence of my howto that my idea was to provide on tails.boum.org the checksums for images that could have been downloaded on any of the dl.amnesia.boum.org mirrors. That would narrow the problem to trusting the tails.boum.org website, which I guess should be a key issue anyway since it will remain the central source of information for a vast majority of the Tails users.

So what I would propose is:

- Rephrase the howto to talk about integrity and not authenticity. And add another section about authenticity explaining that a careful check through OpenPGP is the recommended way of checking Tails authenticity (since even HTTPS can't always protect you from MitM, blabla).
- Improve the trust people can put on the website. That could mean using a commercial SSL certificate and force HTTPS on it. Even though I know that we can't be 100 % satisfied with such a solution, allowing everybody to use mainstream HTTPS on tails.boum.org could be a good step forward for the users who won't go through careful OpenPGP checks.
- Have a debate on limiting the open edition of some parts of the website. I'm not sure how this works right now but I guess, if we decide to improve the trust people can put on the website, we don't want people to be able to freely edit the download page, the OpenPGP key page or the 'Download Tails' button, etc.

--
sajolida

___
tails-dev mailing list
tails-dev@boum.org
https://boum.org/mailman/listinfo/tails-dev
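Added example, not part of the thread and not code from the Tails project: the distinction drawn in the message above, shown in Python. A checksum served next to a swapped image still matches, a checksum published elsewhere does not, and a valid OpenPGP signature only counts once its fingerprint equals a pinned one. The function names, the sample bytes and `PINNED_FPR` (a placeholder, not the real Tails key fingerprint) are assumptions; the status lines are constructed in the `VALIDSIG` format GnuPG prints with `--status-fd`.

```python
import hashlib

# Placeholder only: NOT the real Tails signing key fingerprint.
PINNED_FPR = "A" * 40

def sha256_matches(image: bytes, checksum_line: str) -> bool:
    """Compare image bytes with a 'HEX  filename' line as written by sha256sum."""
    expected = checksum_line.split()[0].lower()
    return hashlib.sha256(image).hexdigest() == expected

def signed_by_pinned_key(gpg_status: str, pinned_fpr: str = PINNED_FPR) -> bool:
    """Parse the output of `gpg --status-fd 1 --verify SIG FILE`.

    VALIDSIG only says that some key in the keyring made a good signature;
    the image counts as genuine only if that key is the pinned one.
    """
    for line in gpg_status.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[:2] == ["[GNUPG:]", "VALIDSIG"]:
            # fields[2]: fingerprint of the signing (sub)key,
            # fields[-1]: fingerprint of its primary key.
            if pinned_fpr.upper() in (fields[2].upper(), fields[-1].upper()):
                return True
    return False

def demo() -> dict:
    genuine = b"constructed genuine image"
    tampered = b"constructed tampered image"
    # Checksum published on the project website vs. one served next to the
    # tampered image by the same mirror (both constructed).
    site_line = hashlib.sha256(genuine).hexdigest() + "  tails.iso"
    mirror_line = hashlib.sha256(tampered).hexdigest() + "  tails.iso"
    other = "B" * 40  # constructed fingerprint of an unrelated key
    tail = "2011-04-23 1303560000 0 4 0 1 8 00"  # constructed VALIDSIG fields
    return {
        "tampered_vs_mirror_checksum": sha256_matches(tampered, mirror_line),
        "tampered_vs_site_checksum": sha256_matches(tampered, site_line),
        "valid_sig_unknown_key": signed_by_pinned_key(
            f"[GNUPG:] VALIDSIG {other} {tail} {other}"),
        "valid_sig_pinned_key": signed_by_pinned_key(
            f"[GNUPG:] VALIDSIG {PINNED_FPR} {tail} {PINNED_FPR}"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```
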
Re: [T(A)ILS-dev] doc: warnings
Hi,

sajolida wrote (23 Apr 2011 13:06:34 GMT) :
> So what I would propose is:
>
> - Rephrase the howto to talk about integrity and not authenticity. And add another section about authenticity explaining that a careful check through OpenPGP is the recommended way of checking Tails authenticity (since even HTTPS can't always protect you from MitM, blabla).
> - Improve the trust people can put on the website. That could mean using a commercial SSL certificate and force HTTPS on it. Even though I know that we can't be 100 % satisfied with such a solution, allowing everybody to use mainstream HTTPS on tails.boum.org could be a good step forward for the users who won't go through careful OpenPGP checks.
> - Have a debate on limiting the open edition of some parts of the website. I'm not sure how this works right now but I guess, if we decide to improve the trust people can put on the website, we don't want people to be able to freely edit the download page, the OpenPGP key page or the 'Download Tails' button, etc.

Full ack.

Bye,
--
  intrigeri intrig...@boum.org
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Who wants a world in which the guarantee that we shall not
  | die of starvation would entail the risk of dying of boredom ?
Re: [T(A)ILS-dev] doc: warnings
On 16/04/11 21:12, intrigeri wrote:
> Hi,
>
> sajolida wrote (14 Apr 2011 15:28:37 GMT) :
>> In the process of rewriting Tails' documentation I worked yesterday on the warning page.
>
> Great!
>
>> So I'm asking for your review.
>
> Here it is. (I fixed a few typos and other minor stuff. Will push soon.)
>
> Why are you using only second-level titles on doc/overview and doc/warning? Is this so that their content can more nicely be [[!inline ]]'d on other pages?

For no good reason. At some point in life, I thought it was not valid to use two h1 in a same page and so I used to put h1 only on the page title, but actually it is perfectly valid so I should forget about that. I changed that and put every different warning section as h1.

There seems to be no clear preference on the wiki source between using '-'-style or '#'-style headers, Right?

> Some of the "Quoted from..." references were unclear to me. At first glance, I was not sure if it referred to the part before or the part after (especially when a picture comes right after it).

Ok, I was putting those mainly as explicit references to the sources I used for licensing, eg. Wikipedia. I now moved all that at the end of each section and put the reference in italic. Hope it's more clear now.

>   This still leaves open the possibility of a man-in-the-middle attack even when your browser is trusting an HTTPS connection but this won't affect Tor or Tails users more than anybody else on the Internet. Actually, by providing anonymity, Tor makes it more difficult to perform a man-in-the-middle attack targeted on a specific user with the blessing of a rogue SSL certificate.
>
> I disagree with "this won't affect [...] more than anybody else on the Internet"; while an attack targeted at *one specific person* is more difficult to set up, and I am glad to see it mentioned, some other kinds of attacks, such as large scale MitM attempts, or attacks targeted at *a specific server*, and especially those among its users who happen to use Tor, are actually made easier; such attacks can be set up by anyone without special cow powers, e.g. by those who cannot get a legal wiretapping order but still want to gather passwords, or those who could get a legal wiretapping order but prefer not to, for various reasons.

Great, that's corrected now.

> Sometimes I read "See, $ref", while sometimes I read "See $ref". Just mentioning it in case this is an error. Else, I don't mind.

I changed everything to "See $ref".

> Confirmation attacks: mention the both your home ISP and the server's one cooperate with an adversary of yours?

Added.

> virtual identities = contextual identities?

Changed.

>   Vidalia's New Identity button forces Tor to use new circuits, thus addressing the first threat
>
> Wrong. It asks Tor to use new circuits **for new connections** only. We've been discussing it on this mailing-list a few months ago, in the thread about HTTP keep-alive. Also see recent activity about such matters on Tor's bug tracker. In the current state of things, I think we should either not mention this feature of Vidalia's, or tell it can **not** be accounted on to address the first threat.

Woops, actually I knew about that at the time of writing but I wrote it wrong indeed. I rewrote that part.

--
sajolida
Re: [T(A)ILS-dev] doc: warnings
Hi,

Did a review and corrected some tiny typos or formulations, but so far looks like you did a great job!

bert.

On Thu, Apr 14, 2011 at 05:28:37PM +0200, sajolida wrote:
> Hi everybody,
>
> In the process of rewriting Tails' documentation I worked yesterday on the warning page. The idea is to have a page that new users would read before downloading Tails in order to understand what Tails doesn't protect them against. I started working on the basis of the list we established (see my mail from 17/02/11 10:19).
>
> So I'm asking for your review. I pushed my work on the dedicated branch of the repo called 'doc-rework'. The page is wiki/src/doc/warning.mdwn.
>
> Thanks,
>
> --
> sajolida