Re: Code signing in OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Nick Guenther <kousue@...>

To: OpenBSD-Misc <misc@...>

Subject: Re: Code signing in OpenBSD

Date: Wednesday, December 5, 2007 - 12:59 pm

On 12/5/07, new_guy wrote:

quoted text

> Harpalus a Como wrote:
> >
> > What is the benefit of doing so? What's the point? Is the website so
> > likely
> > to be hacked into, that the developers need to sign all communication just
> > to ensure that it comes from them? There's absolutely no need to signing
> > errata or official communications. Name one justifiable use for them. If
> > the
> > OpenBSD developers didn't care about "secure communications", then OpenSSH
> > would not exist.
> >
>
> Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
> user community? Knowing that xyz binary is signed by OpenBSD for
> distribution or abc email came from an official OpenBSD source is a good
> thing. Trojaned binaries and forged emails happen. PKI can help mitigate
> this. The benefit of PKI is widely known and accepted and does not need to
> be rehashed here.

Are you *sure* of that? You might want to read
http://www.schneier.com/paper-pki-ft.txt

> I'm surprised that OpenBSD (the most secure OS I know of)

quoted text

> does not use it, that's all I'm saying. I also thought there would be a real
> reason for not doing so and there may in fact be and I may just be unaware
> of it.

OpenBSD is the most secure OS, the devs know what they are doing.. and
they've rejected this as uneccessary.
You can check the MD5 files for the main distribution, and for
packages.. well the official OpenBSD mirrors are all trustworthy--if
they aren't, it will be discovered and they will no longer be official
mirrors.
This isn't a great answer, I know.

-Nick

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Code signing in OpenBSD, new_guy, (Tue Dec 4, 11:16 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Wed Dec 5, 1:52 am)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 10:56 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:22 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 1:59 pm)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 2:18 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 2:26 pm)

Re: Code signing in OpenBSD, Dave Ewart, (Wed Dec 5, 3:13 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 3:52 pm)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 11:03 am)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 11:22 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 12:46 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 9:35 pm)

Re: Code signing in OpenBSD, Linus Swälas, (Wed Dec 5, 11:03 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 10:15 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 3:58 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 7:22 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 8:15 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 8:56 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 9:48 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 7:46 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:52 am)

Re: Code signing in OpenBSD, STeve Andre', (Thu Dec 6, 3:49 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 11:02 pm)

Re: Code signing in OpenBSD, Otto Moerbeek, (Thu Dec 6, 2:55 am)

Re: Code signing in OpenBSD, Rod Whitworth, (Wed Dec 5, 5:12 pm)

Re: Code signing in OpenBSD, Bob Beck, (Wed Dec 5, 4:24 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:50 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 5:28 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 6:22 pm)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 4:36 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 12:59 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 2:46 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Thu Dec 6, 12:37 am)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:45 am)

Re: Code signing in OpenBSD, Floor Terra, (Wed Dec 5, 5:09 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Wed Dec 5, 4:23 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:44 am)

Re: Code signing in OpenBSD, Martin Schröder, (Thu Dec 6, 4:20 am)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 5:28 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 6:08 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 3:23 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 4:41 pm)

Re: Code signing in OpenBSD, Nick Bender, (Wed Dec 5, 4:21 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 1:15 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:48 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:51 am)

Re: Code signing in OpenBSD, Eric Furman, (Thu Dec 6, 12:01 pm)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 11:39 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:12 pm)

Re: Code signing in OpenBSD, Jeff I. Ragland, (Thu Dec 6, 12:27 pm)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 12:57 pm)

Re: Code signing in OpenBSD, Jacob Yocom-Piatt, (Thu Dec 6, 1:33 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:24 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:10 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Thu Dec 6, 2:00 pm)

Re: Code signing in OpenBSD, Bob Beck, (Thu Dec 6, 2:58 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 2:28 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 2:39 pm)

Re: Code signing in OpenBSD, Christopher Linn, (Thu Dec 6, 3:22 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 3:39 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 3:59 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 11:08 am)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Thu Dec 6, 11:54 am)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 7:12 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:38 am)

Re: Code signing in OpenBSD, Stuart Henderson, (Thu Dec 6, 7:23 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:37 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:41 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 2:27 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 2:48 pm)


linux-kernel:
Kok, Auke	Re: -mm merge plans for 2.6.23 - ioat/dma engine
Jeff Garzik	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Matthew Garrett	[PATCH] Remove process freezer from suspend to RAM pathway
linux-netdev:
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
David Miller	[GIT]: Networking
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Jens Axboe	Re: [BUG] New Kernel Bugs
git:

openbsd-misc:

Re: Code signing in OpenBSD

Online users