Feature #10317
Draft how Tails Installer should trust the Tails signing key
Start date:
2015-09-30
Due date:
% Done:
0%
Description
How do we trust the signing key?
- One possibility would be to TOFU. But on second use, how do we identify that the user has trusted the key once? => verify if we can change a key’s trust level without signing it.
- Trust the Debian keyring.
- installer needs to check if Tails signing key contains signatures from Debian keyring / Web of Trust. If not, how should it advertise the user that the key does not contain any signature which is also present in the keyring?
- Research if our public signing key should be packaged with the tails-installer or could we create a package tails-keyring which would be a dependency of tails-installer?
- In Windows version the key could be contained in the package directly.
- Deb packages are signed by Debian keyring, which increases the level of trust.
- having tails-keyring as independent package would allow for easier updating in case of revocation or changes.
Subtasks
History
#1 Updated by Anonymous 2015-09-30 12:12:39
- Parent task set to
Feature #9798
#2 Updated by Anonymous 2015-09-30 12:17:13
- Parent task changed from
Feature #9798toFeature #10315
#3 Updated by intrigeri 2015-10-03 03:36:08
- Description updated
- Category set to Installation
- Status changed from New to Confirmed
#4 Updated by sajolida 2018-04-18 17:15:58
- Status changed from Confirmed to Rejected