Feature #10317

Draft how Tails Installer should trust the Tails signing key

Added by Anonymous 2015-09-30 12:12:30 . Updated 2018-04-18 17:15:58 .

Status:
Rejected
Priority:
Normal
Assignee:
Category:
Installation
Target version:
Start date:
2015-09-30
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
Affected tool:
Installer
Deliverable for:

Description

How do we trust the signing key?

  • One possibility would be to TOFU. But on second use, how do we identify that the user has trusted the key once? => verify if we can change a key’s trust level without signing it.
  • Trust the Debian keyring.
    • installer needs to check if Tails signing key contains signatures from Debian keyring / Web of Trust. If not, how should it advertise the user that the key does not contain any signature which is also present in the keyring?
  • Research if our public signing key should be packaged with the tails-installer or could we create a package tails-keyring which would be a dependency of tails-installer?
    • In Windows version the key could be contained in the package directly.
    • Deb packages are signed by Debian keyring, which increases the level of trust.
    • having tails-keyring as independent package would allow for easier updating in case of revocation or changes.

Subtasks

History

#1 Updated by Anonymous 2015-09-30 12:12:39

#2 Updated by Anonymous 2015-09-30 12:17:13

#3 Updated by intrigeri 2015-10-03 03:36:08

  • Description updated
  • Category set to Installation
  • Status changed from New to Confirmed

#4 Updated by sajolida 2018-04-18 17:15:58

  • Status changed from Confirmed to Rejected