Re: [Tails-dev] [Secure Desktops] Tails' MAC 'leak preventio…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] [Secure Desktops] Tails' MAC 'leak prevention'question
Subject: Re: [Tails-dev] [Secure Desktops] Tails' MAC 'leak prevention'question
Hi,

Daniel Kahn Gillmor:
> fwiw, i prefer mac address spoofing at the udev layer since it means the
> first userspace tool to see the device gets a chance to set the mac
> address immediately.


Sure, this way of doing things provides better guarantees than
a NM-based approach. But I think it will be harder, if not entirely
impossible, to integrate it into the upcoming network configuration
workflow:

https://labs.riseup.net/code/issues/10491
https://tails.boum.org/blueprint/network_connection
https://labs.riseup.net/code/attachments/download/1293/network-20160306.odg

… since IIRC the idea is to turn the MAC spoofing decision from being
a per-Tails-session one, into a per-network-connection one; there
seems to be a few remaining open questions about this part of the new
design though, so it might change in the future.

Cheers,
--
intrigeri