Re: Code signing in OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Date: Wednesday, December 5, 2007 - 3:52 pm

Yes, that's what I gathered was meant. Going into PKI and code signing,
however, I assumed he meant signing and verifying the underlying source
code, and navigating the trees, I haven't noticed that.

Evidently he meant signing binary packages. In that case, I can kind of
understand the requirement - particularly for business - but whether it's
worth it is up to the OpenBSD team, not me. :) I'm having trouble seeing how
somebody could easily manage to get a compromised binary onto OpenBSD
servers. Seems more trouble to implement then it's worth.

On Dec 5, 2007 7:13 PM, Dave Ewart <davee@sungate.co.uk> wrote:

quoted text> On Wednesday, 05.12.2007 at 17:59 +0000, Kevin Stam wrote:
>
> > For one thing, I think you're quite confused. Unless I'm missing
> > something, I'm not noticing the FreeBSD, NetBSD, Linux kernel
> > developers "signing" their code, or doing anything particularly
> > differently from the OpenBSD developers. Please explain.
>
> I'm guessing that he's referring to the fact that some Linux
> *distributions* (not the kernel developers or necessarily any of the
> components) sign their binary packages: for example Debian do this.
>
> I believe one of the supposed benefits of this is that it allows anyone
> to set up a public Debian mirror and, after checking the signatures
> during download, one can be sure that they are 'real' Debian packages.
>
> I believe that in some circumstances this may lead to a false sense of
> security:
>
> - Said mirror could have old (vulnerable) versions of packages.  Just
>  because they're signed doesn't mean they're safe;
>
> - The signing relates only to the packaging: if the underlying source
>  code is compromised, then all bets are off.
>
> Would signing help for OpenBSD?  I don't particular see that it would,
> given that you are trading off the hassle of implementing it,
> maintaining it and so on, against the benefits of doing so, which are
> probably small or non-existent.
>
> Dave.
>
> --
> Dave Ewart davee@sungate.co.uk, jabber:davee@jabber.org, freenode:davee
> All email from me is now digitally signed, http://www.sungate.co.uk/
> Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
>
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Code signing in OpenBSD, new_guy, (Tue Dec 4, 11:16 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Wed Dec 5, 1:52 am)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 10:56 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:22 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 1:59 pm)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 2:18 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 2:26 pm)

Re: Code signing in OpenBSD, Dave Ewart, (Wed Dec 5, 3:13 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 3:52 pm)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 11:03 am)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 11:22 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 12:46 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 9:35 pm)

Re: Code signing in OpenBSD, Linus Swälas, (Wed Dec 5, 11:03 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 10:15 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 3:58 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 7:22 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 8:15 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 8:56 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 9:48 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 7:46 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:52 am)

Re: Code signing in OpenBSD, STeve Andre', (Thu Dec 6, 3:49 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 11:02 pm)

Re: Code signing in OpenBSD, Otto Moerbeek, (Thu Dec 6, 2:55 am)

Re: Code signing in OpenBSD, Rod Whitworth, (Wed Dec 5, 5:12 pm)

Re: Code signing in OpenBSD, Bob Beck, (Wed Dec 5, 4:24 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:50 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 5:28 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 6:22 pm)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 4:36 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 12:59 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 2:46 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Thu Dec 6, 12:37 am)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:45 am)

Re: Code signing in OpenBSD, Floor Terra, (Wed Dec 5, 5:09 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Wed Dec 5, 4:23 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:44 am)

Re: Code signing in OpenBSD, Martin Schröder, (Thu Dec 6, 4:20 am)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 5:28 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 6:08 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 3:23 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 4:41 pm)

Re: Code signing in OpenBSD, Nick Bender, (Wed Dec 5, 4:21 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 1:15 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:48 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:51 am)

Re: Code signing in OpenBSD, Eric Furman, (Thu Dec 6, 12:01 pm)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 11:39 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:12 pm)

Re: Code signing in OpenBSD, Jeff I. Ragland, (Thu Dec 6, 12:27 pm)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 12:57 pm)

Re: Code signing in OpenBSD, Jacob Yocom-Piatt, (Thu Dec 6, 1:33 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:24 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:10 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Thu Dec 6, 2:00 pm)

Re: Code signing in OpenBSD, Bob Beck, (Thu Dec 6, 2:58 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 2:28 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 2:39 pm)

Re: Code signing in OpenBSD, Christopher Linn, (Thu Dec 6, 3:22 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 3:39 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 3:59 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 11:08 am)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Thu Dec 6, 11:54 am)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 7:12 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:38 am)

Re: Code signing in OpenBSD, Stuart Henderson, (Thu Dec 6, 7:23 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:37 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:41 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 2:27 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 2:48 pm)


linux-kernel:
David Newall	Re: Slow DOWN, please!!!
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Fred .	Please add ZFS support (from GPL sources)
Andi Kleen	Please pull ACPI updates
git:
Peter Stahlir	Git as a filesystem
linux	[DRAFT] Branching and merging with git
Jakub Narebski	[PATCH 2/n] gitweb: Use '&iquot;' instead of '?' in esc_path
Junio C Hamano	Re: irc usage..
openbsd-misc:
Theo de Raadt	That whole "Linux stealing our code" thing
Koh Choon Lin	OBSD on MacBook
Floor Terra	Re: bcw(4) is gone
William Boshuck	Re: Real men don't attack straw men
linux-activists:
Jim Winstead Jr.	Re: Root Disk/Book Disk Compatibility
Desmond A. Kirkpatrick	ATI GUP bug with Linux 'tickler'
David C. Niemi	Re: rsh: "rcmd: socket: Permission denied"
Theodore Ts'o	Re: help again and again


problem with 2.6 kernel driver for a USB MAG Stripe Reader as HID device.	6 hours ago	Linux kernel
get_user_pages failure	8 hours ago	Linux kernel
Reading linux kernel	9 hours ago	Linux kernel
High level of Seagate 2.5" SATA drives failing	15 hours ago	Hardware
Resetting the bios password for Toshiba Laptop	19 hours ago	Hardware
Linux 2.6.22 slowly RUNS OUT OF LOWMEM	21 hours ago	Linux kernel
Questions about modules	1 day ago	Linux kernel
KDB	1 day ago	Linux kernel
Writing a framebuffer driver for an embedded spi interface (!!)	1 day ago	Linux kernel
System with alot of memory doing nothing, locks up after OOM-Killer	2 days ago	Linux kernel

Re: Code signing in OpenBSD

Online users