On Tuesday 12 Mar 2013 13:41:05 Steve Dougherty wrote:
> On 03/11/2013 03:24 PM, Matthew Toseland wrote:
> [snip]
> >> 3) I prefer extreme network security at the expense of even more
> >> speed.
> >>
> >> Freenet shares network information with other computers it
> >> connects with to improve performance. Even though this
> >> information is limited and almost always safe to share, in
> >> extreme cases you may want to not share it to gain more network
> >> security at a significant cost in performance.
> >>
> >> (Maximum network security. Requires #1. How best to show this?
> >> Does it appear under #1 only when #1 is checked?)
> >
> > I don't see why we need to ask about maximum. We don't at the
> > moment, unless you choose custom.
>
> Good point. Is there no need for that question then? My intent is to
> replicate the current setup in a series of carefully explained
> questions, in the hope that it will be easier to think about one's
> security considerations.
>
> For detailed setup there could be a link to the current setup/wizard,
> hopefully to be replaced by an AJAXy equivalent as time permits.
>
> >> 4) I use full-disk encryption.
> >>
> >> Network security does not mean that if your computer is taken
> >> that your information is protected. Full-disk encryption
> >> encrypts all information on your hard disk, including operating
> >> system files, and requires that some kind of credentials be
> >> provided when the computer is turned on. The Freenet Project
> >> strongly recommends you use full-disk encryption, but can provide
> >> some encryption of its own.
> >>
> >> ("None" physical security.)
> >
> > I have my doubts about whether we should ask about this. I guess
> > it's a usability vs performance tradeoff. How much of a cost is
> > always encrypting temp files?
>
> I have no numbers on this. Do you have any suggestions for how to go
> about benchmarking?
>
> Then again Fred should encourage full-disk encryption anyway. If someone
> is using it, it seems silly to use additional on-disk encryption. Does
> using no encryption in Fred not allow transparent migration to higher
> levels of physical security?

No. We can't quickly change from no encryption to encryption. That is, you can change the seclevel, but stuff that's already on disk won't be modified.

> >>
> >> 5) I am very concerned that my computer may be seized.
> >>
> >> As an extreme measure, Freenet can keep all information in
> >> temporary memory (though it cannot guarantee that the operating
> >> system will not write it to disk) in the hope that if the
> >> computer is turned off any compromising information will be
> >> lost.
> >>
> >> (Maximum physical security.)
> >
> > Currently we only ask about physical security if the user selects
> > HIGH initially. It's a simple LOW/HIGH choice. We need to keep it
> > as simple as possible, but not so simple that people don't
> > understand.
>
> If the wizard is being replaced with this series of questions, how
> else to establish this? Would it be preferable to have sections with
> radio buttons that more closely map to the current wizard then? Is
> maximum physical security something that can be available only in the
> detailed/custom setup?

So the question really is do we want to always, regardless of other settings, ask the user whether they have full disk encryption? This is probably sensible - seizure is the most likely attack in the real world.

Also, as I've said a thousand times: Full disk encryption does not solve the problem of temp files. With (block-level) full disk encryption, if the attacker can capture the disk intact, not only can he read your current temp files, and your persistent temp files, he can also read your *PREVIOUS* temp files. This is why we delete temp files thoroughly, with multiple rewrites - but that is not a reliable way to expunge data. The only reliable way to be sure that old temp files are unrecoverable is to encrypt them in the first place. Obviously fred-level encryption has its limits, especially if the swapfile isn't encrypted... But life is not as simple as everyone assumes.

>
> I forgot a question:
>
> 6) I have a monthly bandwidth cap.
>
> (When this is selected, there has to be a way to enter the limit, so I
> propose that _______ GiB/month slide out from under the question.)
>
> If your connection has a monthly bandwidth cap, Freenet can attempt to
> stay under it, though it may be very slow when doing so.

There is already such a question. How do you want to change it?
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
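The temp-file point made in the message above, as an added example (not Freenet's code and not part of the original thread): a temp file is written under a key that exists only in process memory, so any blocks left on disk after deletion are ciphertext once the process exits. The class name, the choice of AES-CTR and the sample data are assumptions made for this illustration.

```java
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical demo class; names and cipher choice are assumptions.
public class EphemeralTempFileDemo {
    public static void main(String[] args) throws Exception {
        // The key lives only in process memory and is never written to disk
        // by this code (an unencrypted swap file could still leak it).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        byte[] iv = new byte[16]; // fresh IV per file; not secret
        new SecureRandom().nextBytes(iv);

        byte[] plaintext = "constructed sample: temp bucket contents"
                .getBytes(StandardCharsets.UTF_8);

        Path tmp = Files.createTempFile("demo-", ".tmp");
        Cipher enc = Cipher.getInstance("AES/CTR/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        try (OutputStream out = new CipherOutputStream(Files.newOutputStream(tmp), enc)) {
            out.write(plaintext);
        }

        // What a later capture of the disk would contain: ciphertext only.
        byte[] onDisk = Files.readAllBytes(tmp);
        System.out.println("on-disk bytes equal plaintext: " + Arrays.equals(onDisk, plaintext));

        // While the process runs, the in-memory key still decrypts the file.
        Cipher dec = Cipher.getInstance("AES/CTR/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] roundTrip = dec.doFinal(onDisk);
        System.out.println("readable with in-memory key: " + Arrays.equals(roundTrip, plaintext));

        // Ordinary delete with no overwrite passes: leftover blocks are
        // ciphertext under a key that is gone when the process exits.
        Files.delete(tmp);
    }
}
```

CTR mode gives confidentiality only; it is used here because temp files need random-access reads, not because it detects tampering.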
