Feature #8873
Decide which kind of verification would the ISO verification extension do
Start date:
2015-02-05
Due date:
% Done:
0%
Feature Branch:
Type of work:
Discuss
Starter:
Affected tool:
ISO Verification Extension
Deliverable for:
Description
That could be:
- OpenPGP verification
- Checksum correlation against different websites
- Checksum against boum.org
Subtasks
Related issues
Blocks Tails - |
Resolved | 2015-02-04 |
History
#1 Updated by sajolida 2015-02-05 21:18:05
- blocks
Feature #8855: Design data source for ISO verification extension added
#2 Updated by sajolida 2015-02-05 21:18:48
- blocked by
Feature #8850: Investigate feasibility of OpenPGP signature verification in JavaScript added
#3 Updated by sajolida 2015-02-21 18:47:21
- Blueprint set to https://tails.boum.org/blueprint/bootstrapping/extension
#4 Updated by sajolida 2015-02-21 18:57:40
- Assignee deleted (
sajolida)
I’m pretty much convinced that simple checksum verification is the way to go in such a context. See the security discussion on the blueprint: https://tails.boum.org/blueprint/bootstrapping/extension#verification
#5 Updated by sajolida 2015-03-10 09:25:52
- blocks deleted (
)Feature #8850: Investigate feasibility of OpenPGP signature verification in JavaScript
#6 Updated by sajolida 2015-03-10 09:26:25
- Status changed from Confirmed to Resolved
From the discussion on tails-dev https://mailman.boum.org/pipermail/tails-dev/2015-March/008333.html, nobody argued strongly or provided good arguments to do something better than simple checksum verification. This could actually become quite strong once we get in the HPKP preload list of Firefox (Feature #9026) and monitor externally the content of the website (Feature #8650).