Commit 6d6d7fd0 authored by sajolida's avatar sajolida
Browse files

Rewrite introduction to WoT

parent 7d205d6c
......@@ -137,14 +137,21 @@ signing key through the OpenPGP Web of Trust</a>.
Authenticate the signing key through the OpenPGP Web of Trust
=============================================================
Note that since all Tails releases are signed with the same key, you will not
have to verify the key every time and the trust you might progressively build in
it will be built once and for all. Still, you will have to check the ISO image
every time you download a new one!
If you want to be extra cautious and really authenticate Tails signing key in a
stronger way than what standard HTTPS offers you, you will need to use the
OpenPGP Web of Trust.
The verification techniques presented until now ([[Firefox extension,
BitTorrent|download/install]], or OpenPGP verification) all rely on some
information being securely downloaded using HTTPS from our website:
- The *checksum* for the Firefox extension
- The *Torrent file* for BitTorrent
- The *Tails signing key* for the OpenPGP verification
But, while doing so, you could download malicious information if our
website is compromised or if you are victim of a [[man-in-the-middle
attack|doc/about/warning#man-in-the-middle]].
The OpenPGP verification allows you to verify the ISO image even better
by also authenticating the Tails signing key through the OpenPGP Web of
Trust, without having to trust your download.
<div class="note">
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment