> Hi! > > https://tails.boum.org/doc/get/trusting_tails_signing_key/index.en.html#index1h1 > > As far I understand, this chapter assumes an adversary in a position to > break SSL or strip SSL (and the user not noticing). > > With that assumption in mind, look at the graphic below. > > user <-> user ISP <-> internet <-> boum.org ISP <-> boum.org server > MITM less likely for this route | no help for this route > > This suggestion does not help against an adversary able to tamper with > traffic going through the boum.org ISP. No matter from which place the > user visits boum.org, an adversary in that position can always tamper > with the traffic. > > This is still a useful suggestion for many people. For example for > people in censored countries, which get the key several times through > different Tor nodes and trust that more than their own network. > > I think these limitations should be noted nonetheless. > > Cheers, > adrelanos > _______________________________________________ > tails-dev mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-dev >
Yes an advanced attacker could implant a device in the uplinks(s) that gives tails boum server internet access, and have access to SSL root private keys, and serve false versions _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
