Draft how Tails Installer should trust the Tails signing key
How do we trust the signing key?
- One possibility would be to TOFU. But on second use, how do we identify that the user has trusted the key once? => verify if we can change a key’s trust level without signing it.
- Trust the Debian keyring.
- installer needs to check if Tails signing key contains signatures from Debian keyring / Web of Trust. If not, how should it advertise the user that the key does not contain any signature which is also present in the keyring?
- Research if our public signing key should be packaged with the
tails-installer or could we create a package tails-keyring which
would be a dependency of tails-installer?
- In Windows version the key could be contained in the package directly.
- Deb packages are signed by Debian keyring, which increases the level of trust.
- having tails-keyring as independent package would allow for easier updating in case of revocation or changes.
Parent Task: #10315 (closed)
Original created by @u on 10317 (Redmine)