Re: [Tails-dev] [liberationtech] secure download tool - does…

This message is part of the following thread:
M++\the complete thread tree sorted by date
MMMMDev Random at <-
M..Madrelanos at ->
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: liberationtech
CC: tails-dev
Subject: Re: [Tails-dev] [liberationtech] secure download tool - doesn't exist?!?
Hi,

adrelanos wrote (01 Jul 2013 18:03:01 GMT) :
> Goal:

> - big file downloads
> - at least as secure as TLS
> - at least as simple as a regular download using a browser
> - not using TLS itself (too expensive) for bulk download

> The problem: [...]

+ verify that the signed file you've downloaded is actually the
version you intended to download, and not an older, also properly
signed one. 

See tools that take this into account:
  - Thandy (already mentioned by Moritz)
  - our design for incremental updates:
    https://tails.boum.org/todo/incremental_upgrades/
  - TUF:
    https://www.updateframework.com/


Other than this, our current take on it is, I believe, making it
easier to verify OpenPGP detached signatures. E.g. we're working to
make it work flawlessly on the GNOME desktop.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] todo/network_fingerprintRe: [Tails-dev] Tails contributors meeting: July 2->
lists.autistici.org administrated by postmasterLurker (version 2.3)