login
Login / Register
Header Space

 
 

Home » Mailing list archives » openbsd-misc » 2007 » December » 5

Re: Code signing in OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
From: Rui Miguel Silva Seabra <rms@...>
To: OpenBSD-Misc <misc@...>
Subject: Re: Code signing in OpenBSD
Date: Wednesday, December 5, 2007 - 2:46 pm

On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote:

I don't see what is the problem with blessing a fingerprint of the
binaries with a PKI signature, which would mean that *these* are the
binaries the devs intended to release.

Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.


Definitely not a great answer, as there are vectors of attack which
cover the client acessing the mirror and not the mirror in itself, like
changing on-the-fly the md5sums to match the bad binaries, etc...

A digital signature would enable the non-repudiation of the fingerprints
file (at least), giving a moderate level of assurance that attack
vectors would have to concentrate on upstream development servers (where
the devs *really* know what they are doing).

Rui

-- 
Hail Eris!
Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Code signing in OpenBSD, new_guy, (Tue Dec 4, 11:16 pm)
Re: Code signing in OpenBSD, Lars Hansson, (Wed Dec 5, 1:52 am)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 10:56 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:22 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 1:59 pm)
Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 2:18 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 2:26 pm)
Re: Code signing in OpenBSD, Dave Ewart, (Wed Dec 5, 3:13 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 3:52 pm)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 11:03 am)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 11:22 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 12:46 pm)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 9:35 pm)
Re: Code signing in OpenBSD, Linus Swälas, (Wed Dec 5, 11:03 pm)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 10:15 pm)
Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 3:58 pm)
Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 7:22 pm)
Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 8:15 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 8:56 pm)
Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 9:48 pm)
Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 7:46 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:52 am)
Re: Code signing in OpenBSD, STeve Andre', (Thu Dec 6, 3:49 pm)
Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 11:02 pm)
Re: Code signing in OpenBSD, Otto Moerbeek, (Thu Dec 6, 2:55 am)
Re: Code signing in OpenBSD, Rod Whitworth, (Wed Dec 5, 5:12 pm)
Re: Code signing in OpenBSD, Bob Beck, (Wed Dec 5, 4:24 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:50 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 5:28 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 6:22 pm)
Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 4:36 pm)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 12:59 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 2:46 pm)
Re: Code signing in OpenBSD, Lars Hansson, (Thu Dec 6, 12:37 am)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:45 am)
Re: Code signing in OpenBSD, Floor Terra, (Wed Dec 5, 5:09 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Wed Dec 5, 4:23 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:44 am)
Re: Code signing in OpenBSD, Martin Schröder, (Thu Dec 6, 4:20 am)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 5:28 pm)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 6:08 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 3:23 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 4:41 pm)
Re: Code signing in OpenBSD, Nick Bender, (Wed Dec 5, 4:21 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 1:15 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:48 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:51 am)
Re: Code signing in OpenBSD, Eric Furman, (Thu Dec 6, 12:01 pm)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 11:39 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:12 pm)
Re: Code signing in OpenBSD, Jeff I. Ragland, (Thu Dec 6, 12:27 pm)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 12:57 pm)
Re: Code signing in OpenBSD, Jacob Yocom-Piatt, (Thu Dec 6, 1:33 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:24 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:10 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Thu Dec 6, 2:00 pm)
Re: Code signing in OpenBSD, Bob Beck, (Thu Dec 6, 2:58 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 2:28 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 2:39 pm)
Re: Code signing in OpenBSD, Christopher Linn, (Thu Dec 6, 3:22 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 3:39 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 3:59 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 11:08 am)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Thu Dec 6, 11:54 am)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 7:12 am)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:38 am)
Re: Code signing in OpenBSD, Stuart Henderson, (Thu Dec 6, 7:23 am)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:37 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:41 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 2:27 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 2:48 pm)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 6 users and 912 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary