intrigeri wrote:
> So, the main goals I have in mind are:
>
> 1. making it harder, for an attacker who compromises I2P running in
> Tails, to upgrade their attack to anything non-I2P;
>
> 2. making it harder, for someone attacking a Tails user's web
> browsing over Tor, to take advantage of bugs in the I2P router
> console;
>
> 3. protecting the Tails users who don't intend to use I2P at all,
> from vulnerabilities in I2P, by making it harder, for an attacker,
> to start I2P in Tails, or to trick a user into doing it.
>
> Regarding #3, I think we should replace the sudo credentials that
> allow the `amnesia' user to start I2P, with an I2P option in Tails
> Greeter. I assume the new Greeter that's currently worked on would
> allow this.
>
> * If we keep I2P without adding any protection immediately, when do
> we expect *which* protections to be ready? (reality check: we won't
> have AppArmor before October; I guess the Greeter won't be ready
> earlier either)
Regarding the "when", if we decide to do a first temporary step by
having an "i2p" boot option instead of an option in the Greeter, then we
don't have to wait for the new Greeter... It feels a bit like going
backward regarding our plans on the Greeter but we've been doing that
for truecrypt forever and the doc is ready... That could be ready for
Tails 1.1.1, no?
--
sajolida