Re: [Tails-dev] What to do about I2P in Tails?

Delete this message

Reply to this message
Author: Jacob Appelbaum
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] What to do about I2P in Tails?
On 7/26/14, sajolida@??? <sajolida@???> wrote:
> intrigeri wrote:
>> So, the main goals I have in mind are:
>>
>>  1. making it harder, for an attacker who compromises I2P running in
>>     Tails, to upgrade their attack to anything non-I2P;

>>
>>  2. making it harder, for someone attacking a Tails user's web
>>     browsing over Tor, to take advantage of bugs in the I2P router
>>     console;

>>
>>  3. protecting the Tails users who don't intend to use I2P at all,
>>     from vulnerabilities in I2P, by making it harder, for an attacker,
>>     to start I2P in Tails, or to trick a user into doing it.

>>
>> Regarding #3, I think we should replace the sudo credentials that
>> allow the `amnesia' user to start I2P, with an I2P option in Tails
>> Greeter. I assume the new Greeter that's currently worked on would
>> allow this.
>>
>>  * If we keep I2P without adding any protection immediately, when do
>>    we expect *which* protections to be ready? (reality check: we won't
>>    have AppArmor before October; I guess the Greeter won't be ready
>>    earlier either)

>
> Regarding the "when", if we decide to do a first temporary step by
> having an "i2p" boot option instead of an option in the Greeter, then we
> don't have to wait for the new Greeter... It feels a bit like going
> backward regarding our plans on the Greeter but we've been doing that
> for truecrypt forever and the doc is ready... That could be ready for
> Tails 1.1.1, no?
>


A boot option seems like a fine way to fix things quickly without
actually harming the needs of actual i2p users. I wonder though if
that also means that the firewall would be locked down by default?

All the best,
Jacob