[tahoe-dev] Tahoe-LAFS, Tor and Tails
Leif Ryge
leif at synthesize.us
Fri Aug 9 03:01:04 UTC 2013
On Fri, Aug 09, 2013 at 12:22:54AM +0000, Jacob Appelbaum wrote:
[...]
> Here is the git repo for the script that we used to bootstrap Tahoe-LAFS
> on Tails 0.19:
>
> https://github.com/leif/tahoe-tails-utils
>
> The following ticket covers the overall issues of actually trying to
> bootstrap Tahoe safely on any network at all:
>
> https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2055
I am very sorry to report that the first version of the above-linked
bootstrap.sh (in the tahoe-tails-utils repository) which I published on github
earlier this evening was actually still vulnerable to HTTP MITM attacks. See
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2055#comment:5 for an explanation
of how that happened. I believe the current version is fixed, but after making
that mistake I am a little bit less confident in it. :(
~leif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20130809/36224bf3/attachment.pgp>
More information about the tahoe-dev
mailing list