On 12/28/2016 07:39 AM, john.david.r.smith wrote:
currently when i have qubes and need a new image (e.g. to
reinstall/install on a new machine), i need to download the image from
qubes-os.org and then check the signature.
this may be a source of errors for some users, or even insecure
(mitm +
if offloading is done for isos: ship the master key with qubes and
provide a convenience command to the user. this command should
download (e.g. via torrent) and verify the image (a step the user
can't do wrong anymore). this command could spawn a dispvm,
install torrent software, load the torren
On 2016-12-28 11:11, john.david.r.smith wrote:
>>> this may be a source of errors for some users, or even insecure
>>> (mitm + exchanging the master signing key information on the
>>> website + patching the downloaded image).
>>
>> I know what you m
the problem is (as you wrote) 'supposed to be verified out-of-band'.
for some less technical people, even verifying the signature is a huge
step.
i am a fan of providing easily accessible security and using already
existing infrastructure. (in case of the dom0 repo, an ultimately
trusted source).
I
>the problem is (as you wrote) 'supposed to be verified out-of-band'.
>for some less technical people, even verifying the signature is a huge
>step.
>i am a fan of providing easily accessible security and using already
>existing infrastructure. (in case of the dom0 repo, an ultimately
>trusted so
this may be a source of errors for some users, or even insecure
(mitm + exchanging the master signing key information on the
website + patching the downloaded image).
I know what you mean, but it's worth remembering that the Qubes Master
Signing Key fingerprint is supposed to be verified
out-o
On 2016-12-28 04:39, john.david.r.smith wrote:
> currently when i have qubes and need a new image (e.g. to
> reinstall/install on a new machine), i need to download the image
> from qubes-os.org and then check the signature.
>
> this may be a sourc
currently when i have qubes and need a new image (e.g. to
reinstall/install on a new machine), i need to download the image from
qubes-os.org and then check the signature.
this may be a source of errors for some users, or even insecure
(mitm + exchanging the master signing key information on th