On Wed, Aug 29, 2012 at 10:04 AM, intrigeri <intrig...@boum.org> wrote:
> Hi,
>
> Nick Mathewson wrote (29 Aug 2012 13:22:36 GMT) :
>> I'd need an actual list of applications to think about
>> IsolateDestAddr. Which ones did you have in mind?
>
> Thank you for having a look.

You're welcome! Now here's the email where I show how little I
actually know about protocols not called "Tor". ;)

> The main network applications shipped in Tails, that would get
> IsolateDestAddr according to our plan, are:
>
> * Claws Mail (replaced with icedove / Thunderbird, some day)

Not too scary. A typical mail program will make connections to, like,
one SMTP server and a small handful of POP/IMAP servers, right? So
this isn't a lot of circuits; seems like a fine idea. You could
probably get a little better by allowing the SMTP and POP stuff for
each email account to share a circuit, if you can figure out a way to
make that work.

> * Pidgin

Not too scary, I think. You'd typically wind up with one destination
per chat, or one per chat protocol?

> * Liferea RSS feed reader

This one is a little scary. Do I understand correctly that an RSS
reader will make a separate connection for every RSS feed that you
subscribe to? If so that might make some pretty serious load.

> * Gobby

This has one destination per open session? Seems fine.

> Then you have a few command-line ones such as wget. Also, some
> software that is not SOCKS aware, such as APT, goes through Polipo (to
> be replaced with Privoxy, some day).

Oh wow. Instead of shunting these applications' traffic through
Polipo or privoxy, have you considered relinking against torsocks to
*make* applications understand SOCKS, or using some kind of iptables
trickery? When we stopped using those proxies, we weren't really
thrilled with their security or their performance. It makes me
uncomfortable to see "and here goes an HTTP proxy" in any Tor design
these days.

> Basically, that's it.

Cool.

> Note, however, that Tails users may choose to install whatever they
> want from the Debian archive, or hand-compile whatever they feel like,
> but I doubt the ones who will do so, and unfortunately pick
> applications that don't play well with IsolateDestAddr, will be that
> many to make a measurable difference.
> _______________________________________________
> tor-talk mailing list
> tor-talk@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
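
The circuit-load question raised above for the RSS reader can be estimated with a simplified model of stream isolation; this is an added example, not part of the original thread and not Tor's code. It assumes streams may share a circuit only when they arrive on the same listener and match on every enabled isolation field, ignores circuit rotation and exit policies, and uses a hypothetical listener label and constructed feed URLs.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: feed URLs an RSS reader might poll (placeholder hosts).
FEEDS = [
    "https://blog.example.org/feed.xml",
    "https://blog.example.org/comments.xml",
    "https://news.example.com/rss",
    "https://planet.example.net/atom.xml",
    "http://planet.example.net/rss20.xml",
]

DEFAULT_PORTS = {"http": 80, "https": 443}


def isolation_key(listener, url, dest_addr=False, dest_port=False):
    """Tuple two streams must have in common to be allowed on one circuit."""
    parts = urlsplit(url)
    key = [listener]  # streams from different listeners never share
    if dest_addr:     # models IsolateDestAddr
        key.append(parts.hostname)
    if dest_port:     # models IsolateDestPort
        key.append(parts.port or DEFAULT_PORTS[parts.scheme])
    return tuple(key)


def isolation_groups(listener, urls, **flags):
    """Group URLs by isolation key; each group needs at least one circuit."""
    groups = defaultdict(list)
    for url in urls:
        groups[isolation_key(listener, url, **flags)].append(url)
    return dict(groups)


def circuits_needed(listener, urls, **flags):
    """Lower bound on concurrent circuits for one polling round."""
    return len(isolation_groups(listener, urls, **flags))


if __name__ == "__main__":
    listener = "rss-reader"  # hypothetical label for the app's SOCKS listener
    for flags in ({}, {"dest_addr": True}, {"dest_addr": True, "dest_port": True}):
        print(flags or "no destination isolation",
              "->", circuits_needed(listener, FEEDS, **flags), "circuit(s)")
```

Under this model the count grows with the number of distinct destination hosts rather than the number of feeds, so feeds served from the same host still share a circuit.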