Tails Download over SSL exposes untrusted certificates

6 months ago

So, i noticed whilst the whole tails.boum.org website is served over SSL, once you attempt to download the ISO image of tails you are taken to the following link:
http://dl.amnesia.boum.org/tails/stable ... -1.0.1.iso

note the http, i thought why would the download be unencrypted if the whole site was encrypted?
So, I change the link to
https://dl.amnesia.boum.org/tails/stabl ... -1.0.1.iso

and this presents me with a "The site's security certificate is not trusted!" in chrome.
Checking out the certificate, shows it is registered to http://www.iiizefko5nort7g.net
my, my, what a fancy name.

Could someone offer any thoughts on this? Is it possible that owners of tails website, so concerned about security and encryption, forgot to install a correct valid ssl certificate on the server, or is this by design?

4 months ago

brah, it costs money to serve content via SSL in large files

so brah you download the .iso then you download the gpg signature which is delivered to you via SSL.

You verify the GPG signature and if it's good, you're set! Good luck, brah.


You are not logged in. Login or register to reply on this thread.