The attack vectors detailed in the incremental updates design spec
(https://tails.boum.org/contribute/design/incremental_upgrades/) mention that
alot of these attacks are the same as the old method of manually downloading
and verifying an iso, namely the mirrors serving the updates can be made to
serve malicious iso's with fake verification keys. Yhese attacks can be solved
by making the mirrors .onion's instead of http, no possibility of mitm
replacing updates in transit and no way for an attacker to find the mirrors
location in order to attack it. This is a fundemental security flaw that could
easily be addressed by routing existing infrastructure through Tor. Is there
some reason the devs have ignored this simple fix?
_______________________________________________
tails-support mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-support
To unsubscribe from this list, send an empty email to
[email protected].
