Hi everybody,

It's my first post here, I'm part of the team developing Tails.

In the context of the development of Tails we want Firefox to allow connecting to webservers on LAN (RFC-1918) IPs. For example, some users might want to use an Etherpad installation on the local network before publishing their text on a blog. To access those resources, the user would have to type the IP of the local server in the location bar, and not its hostname, in order to bypass Tor DNS.

Our initial plan is just to use FoxyProxy rules to grant direct access (without proxy) to LAN IPs.

With this setup, we couldn't think about an attack which would be made possible by allowing this only: if an attacker in control of both local and online resources tries to de-anonymize a local user accessing online resources, this user could be de-anonymized anyways by other means, we believe this is true by design with Tor.

If such an attack is still possible we also thought about modifying Torbutton to treat LAN IPs as 'local' and not 'online', just as it does for URLs such as 'file:///'.

What do you think of this idea? Can you think about possible attacks that would defeat our plan?

-- sajolida

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
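
The rule described in the message above (direct access only when the host is a literal RFC 1918 address, Tor for everything else, hostnames included) sketched as a PAC-style routing function. This is an added example, not part of the original post and not FoxyProxy or Tails code; the SOCKS address 127.0.0.1:9050 and the helper names are assumptions.

```javascript
// Added example: PAC-style routing decision, not FoxyProxy's or Tails' code.
// Assumption: Tor's SOCKS listener is at 127.0.0.1:9050.
const TOR = "SOCKS5 127.0.0.1:9050";

// Parse a strict dotted quad and return its four octets, or null.
// Hostnames, shorthand forms ("10.1"), hex or octal notation and leading
// zeros are all rejected, so nothing ambiguous is treated as a LAN address.
function parseDottedQuad(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  const canonical = octets.join(".") === host; // fails on leading zeros
  return canonical && octets.every((o) => o <= 255) ? octets : null;
}

// True only for 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918).
function isRfc1918(octets) {
  const [a, b] = octets;
  return a === 10 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

// Same signature as a PAC file's FindProxyForURL(url, host).
// The host is never resolved here (no dnsResolve/isInNet), so a name that
// happens to map to a LAN address still goes through Tor and this function
// causes no local DNS query.
function FindProxyForURL(url, host) {
  const octets = parseDottedQuad(host);
  return octets && isRfc1918(octets) ? "DIRECT" : TOR;
}
```

Loopback and link-local addresses are deliberately left on the Tor path here, since the post only asks about RFC 1918 ranges.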