Hi,
sajolida wrote (14 Apr 2011 15:28:37 GMT) :
> In the process of rewriting Tails' documentation I worked yesterday
> on the warning page.
Great!
> So I'm asking for your review.
Here it is.
(I fixed a few typos and other minor stuff. Will push soon.)
Why are you using only second-level titles on doc/overview and
doc/warning? Is this so that their content can more nicely be
[[!inline ]]'d on other pages?
Some of the "Quoted from..." references were unclear to me. At first
glance, I was not sure if it referred to the part before or the part
after (especially when a picture comes right after it).
> This still leaves open the possibility of a man-in-the-middle attack
> even when your browser is trusting an HTTPS connection but this
> won't affect Tor or Tails users more than anybody else on the
> Internet. Actually, by providing anonymity, Tor makes it more
> difficult to perform a man-in-the-middle attack targeted on a
> specific user with the blessing of a rogue SSL certificate.
I disagree with "this won't affect [...] more than anybody else on the
Internet"; while an attack targeted at *one specific person* is more
difficult to setup, and I am glad to see it mentioned, some other
kinds of attacks, such as large scale MitM attempts, or attacks
targeted at *a specific server*, and especially those among its users
who happen to use Tor, is actually made easier; such attacks can be
setup by anyone without special cow powers, e.g. by those who cannot
get a legal wiretapping order but still want to gather passwords, or
those who could get a legal wiretapping order but prefer not to, for
various reasons.
Sometimes I read "See, $ref", while sometimes I read "See $ref".
Just mentioning it in case this is an error. Else, I don't mind.
Confirmation attacks: mention the "both your home ISP and the server's
one cooperate with an adversary of yours"?
"virtual identities" => "contextual identities"?
> Vidalia's "New Identity" button forces Tor to use new circuits, thus
> addressing the first threat
Wrong. It asks Tor to use new circuits **for new connections** only.
We've been discussing it on this mailing-list a few months ago, in the
thread about HTTP keep-alive. Also see recent activity about such
matters on Tor's bug tracker. In the current state of things, I think
we should either not mention this feature of Vidalia's, or tell it can
**not** be accounted on to address the first threat.
Keep up with the good work, I like it!
Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Every now and then I get a little bit restless
| and I dream of something wild.
