[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tails-dev
Subject:    [T(A)ILS-dev] doc: warnings
From:       intrigeri () boum ! org (intrigeri)
Date:       2011-04-23 13:16:47
Message-ID: 854o5p9kg0.fsf () boum ! org
[Download RAW message or body]

Hi,

sajolida wrote (23 Apr 2011 13:06:34 GMT) :
> So what I would propose is:

> - Rephrase the howto to talk about integrity and not authenticity.
>   And add another section about authenticity explaining that a
>   careful check through OpenPGP is the recommended way of checking
>   Tails authenticity (since even HTTPS can't always protect you from
>   MitM, blabla).
>
> - Improve the trust people can put on the website. That could mean
>   using a commercial SSL certificate and force HTTPS on it. Even
>   though I know that we can't be 100 % satisfied with such a
>   solution, allowing everybody to use mainstream HTTPS on
>   tails.boum.org could be a good step forward for the users who
>   won't go through careful OpenPGP checks.
>
> - Have a debate on limiting the open edition of some parts of the
>   website. I'm not sure how this works right now but I guess, if we
>   decide to improve the trust people can put on the website, we
>   don't want people to be able to freely edit the download page, the
>   OpenPGP key page or the 'Download Tails' button, etc.

Full ack.

Bye,
-- 
  intrigeri <intrigeri at boum.org>
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Who wants a world in which the guarantee that we shall not
  | die of starvation would entail the risk of dying of boredom ?


[prev in list] [next in list] [prev in thread] [next in thread]