I downloaded Tails 1.8, along with its signature file, installed Gpg4win as instructed and followed the instructions to verify the signature. (Tried my best to understand the considerably confusing guide)
This is what I got
Signed on 2015-12-15 10:13 with unknown certificate
0xBA2C222F44AC00ED9899389398FEC6BC752A3DB6.
The validity of the signature cannot be verified.
What does that mean? Did I do it wrong? Should I not use this iso?
You haven't done anything wrong. This warning basically means that the certificate it's signed with can't actually be trusted.
On the part of the page that describes how to verify the ISO, there's a warning:
Those techniques rely on standard HTTPS and certificate authorities to make you trust the content of this website. But, as explained on our warning page, you could still be victim of a man-in-the-middle attack while using HTTPS.
And:
As a consequence, they don't provide you with a strong way of checking the ISO image authenticity and making sure you downloaded a genuine Tails.
The guide goes on to make suggestions on how to further increase your trust in what you've downloaded. That said, none of the methods are foolproof. You'll have to decide how much trust you have in them, as discussed in a previous thread: Can TAILS "confidence" suggestions be trusted?
