Re: [Tails-dev] vpwned

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] vpwned
intrigeri:
> intrigeri wrote (01 Nov 2014 23:48:03 GMT) :
>> It's likely that quite some more time can be needed until we have
>> a full-fledged UI that gives us all we want, and allows us to switch
>> to "forbid RFC1918 by default" without breaking too many existing
>> usecases. Our UX folks are already busy with the Greeter revamp (that,
>> incidentally, might be part of what we need here).
>
>> So, a first (baby) step that could allow us to start moving in the
>> right direction would be to unconditionally allow access to a specific
>> list of ports only.
>
>> So, let's start listing usecases.
>
> So, the usecases we've listed are:
>
>   * SSH
>   * downloading from / uploading to a FTP server
>   * printing a document on a network printer
>   * going through whatever steps a captive portal asks me to;
>     this generally involves DNS and HTTP


Note that for this last point, "HTTP" doesn't equal to "TCP on port 80"
unfortunately. I've seen captive portals redirecting my browser to a
different non-standard port at some point in their validation process.

I would also add:

* connecting to a local gobby server

--
sajolida