[Tails-dev] Easy verification steps for OS X

2015-11-14 Thread steve
Dear all,

I am not signed up to this mailing list, so use cc: for any relevant replies.

The current verification steps for OS X users are, to put things mildly, broken.

Current procedure:
Users would follow this link:
https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems

then have to follow this link:
https://tails.boum.org/doc/get/verify_the_iso_image_using_the_command_line/index.en.html

and those instructions are really hard to read and follow.

Many inexperienced users will not be able to do this. They will give up and not 
attempt to use Tails - at all.

In GPGTools support we receive occasional feedback from very confused Tails 
users, unable to verify their download. The latest example from yesterday is: 
https://gpgtools.tenderapp.com/discussions/problems/47413-what-is-the-protocol-for-verifying-a-signature-from-a-file

This is not the only case and I am sure there are many more which just give 
up, without even bothering to write a feedback report.

So here are some improved, shorter and easier to follow verification steps for 
OS X in markdown:

To verify the signature of your tails file

1. download the Tails iso file and
1. the gpg signature file from https://tails.boum.org/download
1. click this [link](https://tails.boum.org/tails-signing.key) to display / 
download our key
1. download and install [GPG Suite](https://gpgtools.org/gpgsuite)
1. open GPG Keychain and drag the tails-signing.key into the main window to 
import the key
1. make sure that dmg and sig file both are located in the same folder
1. right-click signature or dmg file and select Services > OpenPGP: Verify 
Signature of File and allow a moment for processing

If everything is ok, the verification result will look similar to this:



I think you’d do your OS X users a big favor by updating the website 
description. I’d love to see a dedicated OS X section and not have Windows / OS 
X mixed up under „other operating systems“ here 
https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems

Ideally the specific OS X instructions would open an expanding section 
(analogous to what the current solution for „other operating systems“ does) but 
only include the OS X instructions.

I hope this is useful and can be added to the website. This should solve 
https://labs.riseup.net/code/issues/7147

Kindly,
steve


___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Testing the ISO Verification Extension

2015-11-14 Thread Giorgio Maone
Status update as of latest commit (extension version 0.2.1) follows.

On 12/11/2015 17:38, sajolida wrote:
> 2. The extension is great because it preserves its state even if you
> close the tab. You can open it again and the result of the verification
> is still there. Still, I think we should reset its state in some cases:
>
>   - When the download is finished and the user clicks on the "next"
> button. :maone:
Done: once you click "Next", the filesystem browser is shown with the
file highlighted while in the background the page gets reloaded and goes
in its initial state.

>
> 3. Regarding resetting the state of the extension, we were wondering how
> this interacts with the Private Browsing of Firefox. Is it reset when
> going in and out of Private Browsing?
The extension syncs with the download manager, hence if a download has
been initiated from a private window it won't be available anymore once
you close that window (even though if you already have the UI opened in
another window it will still show its state until reloaded).
Of course the state is not persisted across sessions if the download
started from a private window.
>
> 4. We looked at the SSL information embedded in the code (conf.json) and
> there's the fingerprint of the certificate for tails.boum.org. According
> to the specification on
> https://tails.boum.org/blueprint/bootstrapping/extension/#index5h2 it
> should instead include "root certificate of the authority expected to
> sign the certificate of https://tails.boum.org/". We don't want the
> extension to break when boum.org renew their certificates. :maone:
Done, maybe.
Now you've got the flexibility of choosing to pin the domain cert, the
issuer's (CA's) cert or both.
I decided not to let you pin on the actual root, but on the nearest
issuer in the chain (Gandi, in your case), because it seemed to me that
pinning on a root CA which has many resellers (like "The UserTrust
Network", in your case) would have sensibly reduced the security of this
setup.
If you actually prefer the root to be tested, rather than the
intermediate, I'm gonna implement it as a further option.

>
> 5. In 2cf4737 you added a class to the  tag. We can't really do
> that in ikiwiki. So is it possible to move this somewhere else in the
> code? Maybe on #download-and-verify? :maone:
Yes, just move the "dave.js" 
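
The trade-off in the reply above between pinning the domain certificate, the nearest issuer, or the root, worked through as an added example (not part of the thread and not the extension's code). The policy object, function names, chains and fingerprint labels are all constructed for illustration, and each chain is assumed to have already passed normal TLS validation.

```javascript
// Constructed chains: the "fp:..." strings are placeholder labels, not real hashes.
const ROOT = { subject: "Shared Root CA", fp: "fp:root" };
const ISSUER_A = { subject: "Reseller A Intermediate", fp: "fp:issuer-a" };
const ISSUER_B = { subject: "Reseller B Intermediate", fp: "fp:issuer-b" };

const chains = {
  current: [{ subject: "site.example", fp: "fp:leaf-2015" }, ISSUER_A, ROOT],
  renewed: [{ subject: "site.example", fp: "fp:leaf-2016" }, ISSUER_A, ROOT],
  otherCA: [{ subject: "site.example", fp: "fp:leaf-other" }, ISSUER_B, ROOT],
};

// Hypothetical pin policy: any of `domain`, `issuer`, `root` may be set, and
// every pin that is set must match ("both" means domain and issuer are set).
function checkPins(chain, pins) {
  if (!Array.isArray(chain) || chain.length < 2) return false; // need leaf + issuer
  const actual = {
    domain: chain[0].fp,               // the site's own certificate
    issuer: chain[1].fp,               // nearest issuer in the chain
    root: chain[chain.length - 1].fp,  // trust anchor
  };
  const set = Object.keys(pins).filter((k) => pins[k]);
  if (set.length === 0) return false;  // fail closed when nothing is pinned
  return set.every((k) => k in actual && actual[k] === pins[k]);
}

// Run one policy against every constructed chain.
function evaluate(pins) {
  const out = {};
  for (const [name, chain] of Object.entries(chains)) {
    out[name] = checkPins(chain, pins);
  }
  return out;
}

const policies = {
  domainOnly: { domain: "fp:leaf-2015" },
  issuerOnly: { issuer: "fp:issuer-a" },
  both: { domain: "fp:leaf-2015", issuer: "fp:issuer-a" },
  rootOnly: { root: "fp:root" },
};

for (const [name, pins] of Object.entries(policies)) {
  console.log(name, JSON.stringify(evaluate(pins)));
}
```

The domain pin rejects the renewed certificate, the issuer pin survives renewal but rejects a chain through another intermediate, and the root pin accepts all three chains.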

[Tails-dev] Tor 0.2.7.5 will come out soon

2015-11-14 Thread Nick Mathewson
Hi, all.

Some time in the next 2-5 days, I'll be calling the Tor 0.2.7 release stable.

I don't currently expect that tor 0.2.7.5 will have any changes since
0.2.7.4-rc -- the only change will be that the release will be called
stable. I'll let you know if that changes.

(You are receiving this message since you're on the list of email
addresses in doc/HACKING/ReleasingTor.md)

best wishes,
-- 
Nick


[Tails-dev] Upgrade Tails Bitcoin donation address

2015-11-14 Thread Michael English
Electrum version 2.0 and higher supports the creation of
multi-signature wallet types. I recommend that Tails upgrade their
Bitcoin donation address to a multi-signature address for increased
security and redundancy. A multi-signature address requires m of n
signatures from separate wallets in order to spend the corresponding
Bitcoins. A partially signed transaction is created and sent to one of
the cosigners for completion. You can set up a 2 of 3 multi-signature
wallet to protect against one of the cosigners' wallets being lost or
destroyed. In order to set it up, you need the master public keys of
the cosigners' wallets. The cosigners are usually other leaders of the
project or it can be an offline wallet. The resulting multi-signature
addresses begin with a 3 instead of a 1.

Please read the Electrum documentation on multisig at
http://docs.electrum.org/en/latest/multisig.html . If you have any
further questions, email me.


[Tails-dev] Update Electrum documentation for Tails 1.8 upgrade to version 2.5.4

2015-11-14 Thread Michael English
Please see https://labs.riseup.net/code/issues/9713 for context.

Recommend users to manually select a trusted .onion server to protect
against DoS after note about SPV vulnerability.

Make a note that Electrum uses mBTC as the default base unit. 1 mBTC =
0.001 BTC. It can be changed in preferences.