Re: [Tails-dev] [GSoC] [tails-server] Ideas and challenges a…

Delete this message

Reply to this message
Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [GSoC] [tails-server] Ideas and challenges about asking the user's passphrase on boot
04/13/2012 11:43 PM, intrigeri:
> jvoisin wrote (13 Apr 2012 20:26:54 GMT) :
>> Dealing with multiples tails-server on the same LAN:
>> This is not a problem, since the hostname is set during
>> the setup; it's up to the user to take care to not name multiples
>> servers with the same name.
>
> All Tails currently ship with a common hostname.
>
> So, in case it's leaked, they're not distinguishible from the other.
> Moving away from this has consequences that should not be considered
> lightly. I'd really prefer to avoid doing it at all, if possible.


If we use avahi we can let the user set the service name used for
DNS-SD. See the avahi.service(5) man page. (Disclaimer: I have never
used avahi so don't take my word for any of this.)

> A given tails-server already has (at least) one identifier: it's
> .onion hidden service name. Maybe we could keep the current (amnesia)
> hostname even for tails-server, but configure avahi to announce the
> .onion name on the LAN (replacing .onion with .local, I guess)?
> Is it possible? How does this sound?


Announcing the .onion address on the LAN would effectively take out the
"hidden" from "Tor hidden service" since we consider the LAN as being
untrusted in our threat model (e.g. eavesdropping ISP-provided routers).

Cheers!