-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, random lurker speaking up here with a question.

I don't mean to distract from the topic, but regarding interoperability,
what about FreeOTFE? Its source was available, and someone else has picked
it up and forked it on GitHub as DoxBox:

https://github.com/t-d-k/doxbox

Is there any consideration underway to support this solution and its
development? I know it wouldn't solve all of the issues with the absence of
TrueCrypt, but it certainly would broaden the relevance of LUKS.

gl

On Thu, 02 Apr 2015 19:39:15 +0000 "sajolida" <sajol...@pimienta.org> wrote:
>intrigeri:
>> sajolida wrote (20 Mar 2015 12:34:35 GMT) :
>>> I think that our long-term objective is to have people move out of
>>> using TrueCrypt technologies in general (be it the software, the
>>> volumes, or the containers).
>>
>> Now you make me curious: why do you think we should get rid of the
>> TrueCrypt on-disk format?
>
>I was saying this because I thought it was our vision when getting rid
>of TrueCrypt, but I have no strong argument against TrueCrypt on-disk
>format as such myself. My understanding was basically that we had no
>good reasons for supporting it as we had LUKS already.
>
>> The way I see it, we're stuck between a rock and a hard place:
>>
>> Ideally we'd like to be able to fully replace TrueCrypt volumes (I'm
>> assuming that I'm missing information that makes you think we should)
>> with something else, but nothing equivalent exists yet. Sadly, I'm not
>> aware of any plan (let alone serious effort) towards making this
>> a reality, when one takes into account the need for:
>>
>>  - inter-operability (which I'm tempted to disregard as a dangerous
>>    way to share data with an untrusted OS, but then if we don't
>>    support TrueCrypt volumes at all, perhaps users who won't/can't
>>    fully give up proprietary software will just be forced to either
>>    store and share the very same data in cleartext, or to use
>>    something less safe than Tails)
>>
>>  - "hidden" volumes (which may be a false promise in TrueCrypt, but
>>    still people want that and AFAIK there's nothing even approaching
>>    it, be it in terms of peer-review of existing production-quality
>>    implementations)
>
>Thanks to Jasper we can add "containers" to that list.
>
>All those are usability and interoperability issues that have real but
>non-obvious security implications (not in terms of crypto but in terms
>of user scenario). I'm not really convinced by containers and hidden
>volumes as such in the context of a pure Tails setup, so we're left with
>interoperability as the most interesting feature.
>
>> With this in mind, supporting the TrueCrypt on-disk format (even
>> minimally) still makes sense for the time being IMO. I doubt we'll
>> actively patch out the corresponding code from cryptsetup, so I take
>> for granted that we'll keep this support in Tails as long as
>> cryptsetup has it.
>
>Agreed.
>
>> We had good reasons to get rid of the TrueCrypt software itself, but
>> no existing GUI for TrueCrypt volumes is satisfying right now, in the
>> context of Tails.
>>
>> Now, of course a CLI-only interface isn't encouraging for Tails users
>> to go on using TrueCrypt volumes. This has both advantages (as
>> a long-term strategy, hopefully it'll encourage people to either fully
>> replace TrueCrypt volumes with a better design), and drawbacks (until
>> our fancy long-term plans are made real by $someone $some_day, Tails
>> users have the choice between using something we claim we don't really
>> support, with poor usability, and doing something even worse).
>>
>> So, the question I'm coming to is: assuming there *was* satisfying GUI
>> support for the TrueCrypt on-disk format (in GNOME Disks, Nautilus,
>> etc.), would we want to explicitly support that, or still depict it as
>> a suboptimal feature, and call it unsupported because we think it
>> should ideally be replaced by something else on the long term?
>
>We have a long tradition of advertising only one tool for one job. So
>what would we advertise TrueCrypt for? Exchanging encrypted data with
>other operating systems? With big fat warnings? Maybe...
>
>> In other words: how hard should we push for adding support for the
>> TrueCrypt on-disk format in udisks and friends? (Until 15 minutes ago,
>> I was convinced that it was the way to go, and prepared to go ping the
>> right folks about it, but now you've planted some non-negligible
>> amount of doubt in my mind, so I'm a bit lost in terms of strategy.)
>
>Me too :)
>
>--
>sajolida
>_______________________________________________
>Tails-dev mailing list
>Tails-dev@boum.org
>https://mailman.boum.org/listinfo/tails-dev
>To unsubscribe from this list, send an empty email to
>Tails-dev-unsubscr...@boum.org.
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
-----END PGP SIGNATURE-----