Re: Code signing in OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Nick Guenther

Date: Wednesday, December 5, 2007 - 9:59 am

On 12/5/07, new_guy <byte8bits@gmail.com> wrote:
quoted text> Harpalus a Como wrote:
> >
> > What is the benefit of doing so? What's the point? Is the website so
> > likely
> > to be hacked into, that the developers need to sign all communication just
> > to ensure that it comes from them? There's absolutely no need to signing
> > errata or official communications. Name one justifiable use for them. If
> > the
> > OpenBSD developers didn't care about "secure communications", then OpenSSH
> > would not exist.
> >
>
> Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
> user community? Knowing that xyz binary is signed by OpenBSD for
> distribution or abc email came from an official OpenBSD source is a good
> thing. Trojaned binaries and forged emails happen. PKI can help mitigate
> this. The benefit of PKI is widely known and accepted and does not need to
> be rehashed here.

Are you *sure* of that? You might want to read
http://www.schneier.com/paper-pki-ft.txt

quoted text> I'm surprised that OpenBSD (the most secure OS I know of)
> does not use it, that's all I'm saying. I also thought there would be a real
> reason for not doing so and there may in fact be and I may just be unaware
> of it.

OpenBSD is the most secure OS, the devs know what they are doing.. and
they've rejected this as uneccessary.
You can check the MD5 files for the main distribution, and for
packages.. well the official OpenBSD mirrors are all trustworthy--if
they aren't, it will be discovered and they will no longer be official
mirrors.
This isn't a great answer, I know.

-Nick

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Code signing in OpenBSD, new_guy, (Tue Dec 4, 8:16 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Tue Dec 4, 10:52 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 7:56 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 8:03 am)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 8:22 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 9:46 am)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 9:59 am)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 10:15 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 10:22 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 10:41 am)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 10:59 am)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 11:18 am)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 11:26 am)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 11:27 am)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 11:46 am)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 11:48 am)

Re: Code signing in OpenBSD, Dave Ewart, (Wed Dec 5, 12:13 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 12:23 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 12:52 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 12:58 pm)

Re: Code signing in OpenBSD, Nick Bender, (Wed Dec 5, 1:21 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Wed Dec 5, 1:23 pm)

Re: Code signing in OpenBSD, Bob Beck, (Wed Dec 5, 1:24 pm)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 1:36 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 1:41 pm)

Re: Code signing in OpenBSD, Floor Terra, (Wed Dec 5, 2:09 pm)

Re: Code signing in OpenBSD, Rod Whitworth, (Wed Dec 5, 2:12 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 2:28 pm)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 2:28 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 3:08 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 3:22 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 4:22 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 4:46 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 5:15 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 5:56 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 6:35 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 6:48 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 7:15 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 8:02 pm)

Re: Code signing in OpenBSD, Linus Swälas, (Wed Dec 5, 8:03 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Wed Dec 5, 9:37 pm)

Re: Code signing in OpenBSD, Otto Moerbeek, (Wed Dec 5, 11:55 pm)

Re: Code signing in OpenBSD, Martin Schröder, (Thu Dec 6, 1:20 am)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 2:44 am)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 2:45 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 3:48 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 3:50 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 3:52 am)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 4:12 am)

Re: Code signing in OpenBSD, Stuart Henderson, (Thu Dec 6, 4:23 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 4:37 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 4:38 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 7:51 am)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 8:08 am)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 8:24 am)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 8:39 am)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Thu Dec 6, 8:54 am)

Re: Code signing in OpenBSD, Eric Furman, (Thu Dec 6, 9:01 am)

Re: Code signing in OpenBSD, Jeff I. Ragland, (Thu Dec 6, 9:27 am)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 9:57 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:10 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:12 am)

Re: Code signing in OpenBSD, Jacob Yocom-Piatt, (Thu Dec 6, 10:33 am)

Re: Code signing in OpenBSD, Ted Unangst, (Thu Dec 6, 11:00 am)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:28 am)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 11:39 am)

Re: Code signing in OpenBSD, Bob Beck, (Thu Dec 6, 11:58 am)

Re: Code signing in OpenBSD, Christopher Linn, (Thu Dec 6, 12:22 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 12:39 pm)

Re: Code signing in OpenBSD, STeve Andre', (Thu Dec 6, 12:49 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 12:59 pm)


linux-kernel:
Rafael J. Wysocki	[Bug #11559] 2.6.27-rc6: nohz + s2ram = need to press keys to get progress
Chris Mason	Re: [Bug #11548] kernel BUG at drivers/pci/intel-iommu.c:1373!
Josef 'Jeff' Sipek	[PATCH 23/24] Unionfs: Kconfig and Makefile
Borislav Petkov	2.6.23-rc1: no setup signature found...
Linus Torvalds	Linux 2.6.34-rc4
git:
Pat Thoyts	[PATCH] git-gui: use themed tk widgets with Tk 8.5
Laflen, Brandon (GE, Research)	RE: fatal: Unable to find remote helper for 'http'
Oliver Hoffmann	git init --bare versus git --bare init
Sam Song	Fwd: [OT] Re: Git via a proxy server?
Peter Kjellerstedt	RE: [PATCH] send-email: do not check for editor until needed
linux-netdev:
William Allen Simpson	[net-next-2.6 PATCH v8 0/7] TCPCT part 1: cookie option exchange
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
David Miller	Re: [PATCH v5] rfs: Receive Flow Steering
David Miller	Re: [PATCH 2/2] macb: process the RX ring regardless of interrupt status
git-commits-head:
Linux Kernel Mailing List	V4L/DVB (13368): af9015: support for Sveon STV20 Tuner USB DVB-T HDTV
Linux Kernel Mailing List	ixgbe: Fix - Do not allow Rx FC on 82598 at 1G due to errata
Linux Kernel Mailing List	checkpatch: add check for too short Kconfig descriptions
Linux Kernel Mailing List	Bluetooth: Fallback eSCO to SCO on error 0x1a (Unsupported Remote Feature)
Linux Kernel Mailing List	V4L/DVB (10826): cx88: Add IR support to pcHDTV HD3000 & HD5500
openbsd-misc:
Private Equity Investment Exchange of Vietnam	Cong cu huu hieu: Cong giao tiep dau tu chuyen nghiep nhat Vietnam \| Private Equit...
mark reardon	pfctl not loading rules - Must enable table loading for optimizations
KURS ENGLESKOG JEZIKA NA 10 CD-a	AUDIO-VIZUELNA METODA UCENJA ENGLESKOG JEZIKA na 10 CD-a
L. V. Lammert	OT, .. but has anyone seen a crontab editor
Nick Guenther	Re: This is what Linus Torvalds calls openBSD crowd