Re: [Tails-dev] [tahoe-dev] Tahoe-LAFS, Tor and Tails

Delete this message

Reply to this message
Author: Leif Ryge
Date:  
To: Jacob Appelbaum
CC: tahoe-dev, The Tails public development discussion list
Subject: Re: [Tails-dev] [tahoe-dev] Tahoe-LAFS, Tor and Tails
On Fri, Aug 09, 2013 at 12:22:54AM +0000, Jacob Appelbaum wrote:
[...]
> Here is the git repo for the script that we used to bootstrap Tahoe-LAFS
> on Tails 0.19:
>
> https://github.com/leif/tahoe-tails-utils
>
> The following ticket covers the overall issues of actually trying to
> bootstrap Tahoe safely on any network at all:
>
> https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2055


I am very sorry to report that the first version of the above-linked
bootstrap.sh (in the tahoe-tails-utils repository) which I published on github
earlier this evening was actually still vulnerable to HTTP MITM attacks. See
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2055#comment:5 for an explanation
of how that happened. I believe the current version is fixed, but after making
that mistake I am a little bit less confident in it. :(

~leif