Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-30 Thread Chris Laprise
On 12/28/2016 07:39 AM, john.david.r.smith wrote: currently when i have qubes and need a new image (e.g. to reinstall/install on a new machine), i need to download the image from qubes-os.org and then check the signature. this may be a source of errors for some users, or even insecure (mitm +

Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-28 Thread john.david.r.smith
if offloading is done for isos: ship the master key with qubes and provide a convenience command to the user. this command should download (e.g. via torrent) and verify the image (a step the user can't do wrong anymore). this command could spawn a dispvm, install torrent software, load the

Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-28 Thread Andrew David Wong
On 2016-12-28 11:11, john.david.r.smith wrote: >>> this may be a source of errors for some users, or even insecure >>> (mitm + exchanging the master signing key information on the >>> website + patching the downloaded image). >> >> I know what you

Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-28 Thread john.david.r.smith
the problem is (as you wrote) 'supposed to be verified out-of-band'. for some less technical people, even verifying the signature is a huge step. i am a fan of providing easy accessible security and using already existing infrastructure. (in case of the dom0 repo, an ultimately trusted source).

Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-28 Thread nicklaus
>the problem is (as you wrote) 'supposed to be verified out-of-band'. >for some less technical people, even verifying the signature is a huge >step. >i am a fan of providing easy accessible security and using already >existing infrastructure. (in case of the dom0 repo, an ultimately >trusted

Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-28 Thread john.david.r.smith
this may be a source of errors for some users, or even insecure (mitm + exchanging the master signing key information on the website + patching the downloaded image). I know what you mean, but it's worth remembering that the Qubes Master Signing Key fingerprint is supposed to be verified

Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-28 Thread Andrew David Wong
On 2016-12-28 04:39, john.david.r.smith wrote: > currently when i have qubes and need a new image (e.g. to > reinstall/install on a new machine), i need to download the image > from qubes-os.org and then check the signature. > > this may be a

[qubes-users] RFC: adding qubes images to the (qubes) repo

2016-12-28 Thread john.david.r.smith
currently when i have qubes and need a new image (e.g. to reinstall/install on a new machine), i need to download the image from qubes-os.org and then check the signature. this may be a source of errors for some users, or even insecure (mitm + exchanging the master signing key information on