[prev in list] [next in list] [prev in thread] [next in thread]
List: tails-dev
Subject: [T(A)ILS-dev] doc: warnings
From: intrigeri () boum ! org (intrigeri)
Date: 2011-04-23 13:16:47
Message-ID: 854o5p9kg0.fsf () boum ! org
[Download RAW message or body]
Hi,
sajolida wrote (23 Apr 2011 13:06:34 GMT) :
> So what I would propose is:
> - Rephrase the howto to talk about integrity and not authenticity.
> And add another section about authenticity explaining that a
> careful check through OpenPGP is the recommended way of checking
> Tails authenticity (since even HTTPS can't always protect you from
> MitM, blabla).
>
> - Improve the trust people can put on the website. That could mean
> using a commercial SSL certificate and force HTTPS on it. Even
> though I know that we can't be 100 % satisfied with such a
> solution, allowing everybody to use mainstream HTTPS on
> tails.boum.org could be a good step forward for the users who
> won't go through careful OpenPGP checks.
>
> - Have a debate on limiting the open edition of some parts of the
> website. I'm not sure how this works right now but I guess, if we
> decide to improve the trust people can put on the website, we
> don't want people to be able to freely edit the download page, the
> OpenPGP key page or the 'Download Tails' button, etc.
Full ack.
Bye,
--
intrigeri <intrigeri at boum.org>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Who wants a world in which the guarantee that we shall not
| die of starvation would entail the risk of dying of boredom ?
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic