Re: [Tails-dev] TorBirdy: first impressions

Esta mensaxe é parte do seguinte fío:
MÁrbore completa do fío ordenada por data
MJacob Appelbaum o <-
M 
Borrar esta mensaxe

Responder a esta mensaxe
Autor: intrigeri
Data:  
Para: Jacob Appelbaum
CC: Sukhbir Singh, The Tails public development discussion list
Asunto: Re: [Tails-dev] TorBirdy: first impressions
Hi Jake and all,

Jacob Appelbaum wrote (28 Jan 2013 15:24:22 GMT) :
> intrigeri:
>> We need a way to configure TorBirdy so that it does *not* disable the
>> account creation wizard -- currently fails with "TorBirdy has disabled
>> Thunderbird's auto-configuration wizard to protect your anonymity."
>> Is it possible to a preference setting to do so?

> We'd gladly accept a patch to handle this case

Great news, but unfortunately nobody on Tails team is at ease with
writting XUL extensions code. I'm not sure it's a very clever use of
our time, strategically speaking, to learn this right now, so I'm not
sure how we'll sort this out. I guess we'll ask for help somewhere.

> one problem is that the
> auto-configuration wizard is simply dangerous. It may use insecure
> protocols, even if it doesn't directly cause leaking, it is isn't safe
> to use on the internet, I think.

I hope this is addressed bellow :)

>> Rationale: our patchset "secure" account creation patchset should take
>> care of most, if not all, of the issues highlighted in Tagnaq's paper.
>>

> Did you merge our patches to ensure the date/time stamp issues are taken
> care of, amongst other issues?

No. Our patchset is only about the account creation wizard.

I was not aware that you also had patches, but I've now found them in
the "patches" directory of the TorBirdy repository, and I'm sure we'll
happily consider applying your patchset!
Were can we find the design documentation for these patches?
Did you try to upstream them already?

>> In case someone wants to review / test / have a look,
>> here's the code:
>> 
>>   repo:    git://labs.riseup.net/tails_icedove.git
>>   branch:  tails/master-10.x
>>   patches: debian/patches/tails/*

>>

> Could you describe how it solves the issues we faced?

Sure, anonym documented this in the "Modified autoconfig wizard /
Design" section there:
https://tails.boum.org/todo/Return_of_Icedove__63__/

Reviews and tests are welcome!

(Note that I *think* I've found a DNS leak already yesterday, which is
not a concern for Tails context, and the setting we're asking for in
TorBirdy would be opt-in anyway.)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Esta mensaxe foi enviada ás seguintes listas:
tails-dev
Información da lista | Mensaxes recentes		<-[Tails-dev] Off-topic section in forumRe: [Tails-dev] Off-topic section in forum->
lists.autistici.org administrado por postmasterLurker (versión 2.3)