Auteur: sajolida Date: À: The Tails public development discussion list Anciens-sujets: Re: [T(A)ILS-dev] doc: warnings Sujet: [T(A)ILS-dev] doc: verify the iso image [was: Re: doc: warnings]
El 23/04/11 15:16, intrigeri escribió: > Hi,
>
> sajolida wrote (23 Apr 2011 13:06:34 GMT) :
>> So what I would propose is:
>
>> - Rephrase the howto to talk about integrity and not authenticity.
>> And add another section about authenticity explaining that a
>> careful check through OpenPGP is the recommended way of checking
>> Tails authenticity (since even HTTPS can't always protect you from
>> MitM, blabla).
>>
>> - Improve the trust people can put on the website. That could mean
>> using a commercial SSL certificate and force HTTPS on it. Even
>> though I know that we can't be 100 % satisfied with such a
>> solution, allowing everybody to use mainstream HTTPS on
>> tails.boum.org could be a good step forward for the users who
>> won't go through careful OpenPGP checks.
>>
>> - Have a debate on limiting the open edition of some parts of the
>> website. I'm not sure how this works right now but I guess, if we
>> decide to improve the trust people can put on the website, we
>> don't want people to be able to freely edit the download page, the
>> OpenPGP key page or the 'Download Tails' button, etc.
>
> Full ack.
>
> Bye,
Hi again,
This issue has kept me busy all day and I just pushed some more stuff to
implement the first point of my proposal (rephrasing the howto) which of
course doesn't make sense on its own if we don't solve the two other
points (getting standard HTTPS and securing the wiki).
I also came to the following conclusions :
1. Since SHA-256 checking and OpenPGP validity check without WoT can be
put at the same level: basically trusting tails.boum.org, we could
choose to document only one of the two solutions. And the easiest to
document well is SHA-256 ;) I didn't do it yet but in the end I'm in
favour of removing the "Using our OpenPGP key" option from this first part.
2. Since going through WoT checks on Tails' key not only depends on
technical knowledge but also on human interaction, real-life checks,
etc. I decided not to write a technical howto but rather an explanation
of the trust model issue, a broad picture on how could the WoT solve
this and hints on how to start building a trust path to Tails' key.
I'm wondering now whether to include here in some form the technical
howto from the previous "Using our OpenPGP key". I thought that :
- people knowledgeable enough about OpenPGP to get and check a trust
path to Tails would probably be able to do that on their own, and
- we won't be able to give a full GnuPG training to people who are not
used to OpenPGP in our little howto and they would anyway need to
establish real-life contacts with other OpenPGP-savvy people in order to
get into the WoT.
In the end I find my whole WoT explanation a bit absurd but don't really
know what to do about it.