Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
tails
tails
Commits
6d6d7fd0
Commit
6d6d7fd0
authored
Apr 26, 2016
by
sajolida
Browse files
Rewrite introduction to WoT
parent
7d205d6c
Changes
1
Hide whitespace changes
Inline
Side-by-side
wiki/src/install/download/openpgp.mdwn
View file @
6d6d7fd0
...
...
@@ -137,14 +137,21 @@ signing key through the OpenPGP Web of Trust</a>.
Authenticate the signing key through the OpenPGP Web of Trust
=============================================================
Note that since all Tails releases are signed with the same key, you will not
have to verify the key every time and the trust you might progressively build in
it will be built once and for all. Still, you will have to check the ISO image
every time you download a new one!
If you want to be extra cautious and really authenticate Tails signing key in a
stronger way than what standard HTTPS offers you, you will need to use the
OpenPGP Web of Trust.
The verification techniques presented until now ([[Firefox extension,
BitTorrent|download/install]], or OpenPGP verification) all rely on some
information being securely downloaded using HTTPS from our website:
- The *checksum* for the Firefox extension
- The *Torrent file* for BitTorrent
- The *Tails signing key* for the OpenPGP verification
But, while doing so, you could download malicious information if our
website is compromised or if you are victim of a [[man-in-the-middle
attack|doc/about/warning#man-in-the-middle]].
The OpenPGP verification allows you to verify the ISO image even better
by also authenticating the Tails signing key through the OpenPGP Web of
Trust, without having to trust your download.
<div class="note">
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment