I keep reading that qubes assumes that your network has been compromised, but how does qubes assure that it can update securely in these connections?
I am someone who is required to be constantly travelling for work, and secure connections aren’t always possible.
Second question, assuming that qubes can assure updating is secure on potentially compromised connections, does that also apply to qubes? I.e you can safely browse on your appvms, log in to services and not worry too much?, Or is it simply disp only and no logging In to accounts & services?
You can safely update using a compromised connection because you have the Qubes public key, when you receive an update it’s signed/encrypted with the Qubes private key. Any official Qubes updates can be decrypted using the Qubes public key, if this fails you know the file is modified or corrupted.
This only applies to files you receive from Qubes and can’t be applied to data in general.
You can use Tor/Whoinx to connect to the internet using a compromised connection, and it also uses public/private key encryption, but this is something separate from the Qubes update process.
Update packages are cryptographically signed and aren’t installed unless the signature is successfully authenticated, so it doesn’t matter how compromised the network is. Imagine it like an armored truck transporting money through a bad neighborhood. (Except it’s feasible to break into an armored truck by brute force, whereas brute forcing strong cryptography is generally impractical.)