Autor: sajolida Data: Dla: The Tails public development discussion list Temat: Re: [T(A)ILS-dev] doc: warnings
El 16/04/11 21:12, intrigeri escribió: > Hi,
>
> sajolida wrote (14 Apr 2011 15:28:37 GMT) :
>> In the process of rewriting Tails' documentation I worked yesterday
>> on the warning page.
>
> Great!
>
>> So I'm asking for your review.
>
> Here it is.
>
> (I fixed a few typos and other minor stuff. Will push soon.)
>
> Why are you using only second-level titles on doc/overview and
> doc/warning? Is this so that their content can more nicely be
> [[!inline ]]'d on other pages?
For no good reason. At some point in life, I thought it was not valid to
use two h1 in a same page and so I used to put h1 only on the page
title, but actually it is perfectly valid so I should forget about that.
I changed that and put every different warning section as h1.
There seems to be no clear preference on the wiki source between using
'-----'-style of '#'-style headers, Right?
> Some of the "Quoted from..." references were unclear to me. At first
> glance, I was not sure if it referred to the part before or the part
> after (especially when a picture comes right after it).
Ok, I was putting those mainly as explicit references to the sources I
used for licensing, eg. Wikipedia. I know moved all that at the end of
each section and put the reference in italic. Hope it's more clear now.
>> This still leaves open the possibility of a man-in-the-middle attack
>> even when your browser is trusting an HTTPS connection but this
>> won't affect Tor or Tails users more than anybody else on the
>> Internet. Actually, by providing anonymity, Tor makes it more
>> difficult to perform a man-in-the-middle attack targeted on a
>> specific user with the blessing of a rogue SSL certificate.
>
> I disagree with "this won't affect [...] more than anybody else on the
> Internet"; while an attack targeted at *one specific person* is more
> difficult to setup, and I am glad to see it mentioned, some other
> kinds of attacks, such as large scale MitM attempts, or attacks
> targeted at *a specific server*, and especially those among its users
> who happen to use Tor, is actually made easier; such attacks can be
> setup by anyone without special cow powers, e.g. by those who cannot
> get a legal wiretapping order but still want to gather passwords, or
> those who could get a legal wiretapping order but prefer not to, for
> various reasons.
Great, that's corrected now.
> Sometimes I read "See, $ref", while sometimes I read "See $ref".
> Just mentioning it in case this is an error. Else, I don't mind.
I changed everything to "See $ref".
> Confirmation attacks: mention the "both your home ISP and the server's
> one cooperate with an adversary of yours"?
Changed.
>> Vidalia's "New Identity" button forces Tor to use new circuits, thus
>> addressing the first threat
>
> Wrong. It asks Tor to use new circuits **for new connections** only.
> We've been discussing it on this mailing-list a few months ago, in the
> thread about HTTP keep-alive. Also see recent activity about such
> matters on Tor's bug tracker. In the current state of things, I think
> we should either not mention this feature of Vidalia's, or tell it can
> **not** be accounted on to address the first threat.
Woops, actually I knew about that at the time of writing but I wrote it
wrong indeed. I rewrote that part.