On 2/12/16, intrigeri <intrig...@boum.org> wrote:
> Hi,
>
> Jurre van Bergen wrote (11 Feb 2016 16:46:47 GMT) :
>> Forwarding e-mail.
>
> Thanks :)
>
>> Date: Thu, 11 Feb 2016 12:28:35 +0100
>> From: Cornelius Diekmann <diekm...@net.in.tum.de>
>
>> A conservative change to the tails config would be to keep an RELATED
>> rule but limit it to known good ICMP messages.
>
> Yes, this was proposed on the thread; in the email you're replying to
> I explained why I didn't pick this option, mainly because no (pseudo-)
> implementation thereof has been proposed nor discussed yet.

I feel a bit sad to see this rehashed. Please just drop all packets on the floor?

People who use Tails and expect it to keep them safely torified are likely still vulnerable to things we wrote in our paper (vpwned). Allowing users by default to make non-tor connections, except for specific pluggable transports or dhcp, will probably ensure that variations on the disclosed issues stay relevant.

If a user wants to use a printer or touch the local subnet, why not make them jump through a (`sudo unsafe-network-unlock`) hoop? Why leave every other user vulnerable by default?

All the best,
Jacob