Commit e8d315d5 authored by sajolida's avatar sajolida
Browse files

Clarify open question wrt attacks from inside the browser

parent becfe5e0
......@@ -188,6 +188,17 @@ We are not considering an attacker who can:
- Not rely on the website to perform the ISO verification and rely
on a native interface accessible from the add-ons menu.
Open questions
--------------
As the verification mechanism totally depends on the integrity of web
pages retrieved from our website and displayed to the user in their
browser, it would also be vulnerable to an attacker who could manage to
corrupt the verification mechanism or manipulate what is displayed to
the user **from inside the browser**. We are [still
investigating](https://mailman.boum.org/pipermail/tails-dev/2015-April/008648.html)
whether such attacks are possible.
Checksum verification
---------------------
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment