Author: anonym Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Releasing ISO as a GPG encrypted archive?
Anonymous: > Have the developers considered the idea of releasing the
> Tails ISO as a GPG encrypted archive? This would create
> another verification method with distribution as users would
> need to decrypt the archive via a specific method in order
> to utilize the ISO and further verify it once extracted.
AFAICT, encryption applied in this manner does not help authentication, so signature verification alone suffices. Besides, with what key would Tails be encrypted with? Our *public* key? Actually, that is what a signature is (modulo the part where it generally only encrypts a hash of the file, so they can be tiny). Lastly, even if this added something useful we'd have to weigh it against the increased complexity for our users.