Re: [Tails-dev] Releasing ISO as a GPG encrypted archive?

This message is part of the following thread:
Mthe complete thread tree sorted by date
MAnonymous at <-
Manonym at ->
Delete this message

Reply to this message
Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Releasing ISO as a GPG encrypted archive?
Anonymous:
> Have the developers considered the idea of releasing the
> Tails ISO as a GPG encrypted archive? This would create
> another verification method with distribution as users would
> need to decrypt the archive via a specific method in order
> to utilize the ISO and further verify it once extracted.

AFAICT, encryption applied in this manner does not help authentication, so signature verification alone suffices. Besides, with what key would Tails be encrypted with? Our *public* key? Actually, that is what a signature is (modulo the part where it generally only encrypts a hash of the file, so they can be tiny). Lastly, even if this added something useful we'd have to weigh it against the increased complexity for our users.

Cheers!

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-[Tails-dev] Releasing ISO as a GPG encrypted archive?Re: [Tails-dev] Releasing ISO as a GPG encrypted archive?->
lists.autistici.org administrated by postmasterLurker (version 2.3)