Re: Code signing in OpenBSD

To: OpenBSD <misc@...>
Date: Thursday, December 6, 2007 - 6:48 am

Hi!

On Wed, Dec 05, 2007 at 12:15:01PM -0500, bofh wrote:


One risk would be the plans of "online surveillance" of computers e.g.
in Germany. One way to install surveillance even on OpenBSD would be to
actively interfere with the internet connection with the surveilled
person, in the man-in-the-middle sense, and inject trojanned code
("Bundestrojaner") into the updates of the victim.

Using OpenBSD CDs doesn't protect the victim from attacks like that
that much because many people need ports/packages and to get fixes one
virtually has to use -current most of the time, and to update -current,
one often uses snapshots over non-secured transfers (ftp, rsync, source
via cvsync/cvsup). The only exception I know of is anoncvs via ssh,
but then, the CDs, IIRC, don't even ship with a known_hosts file for
the anoncvs servers.

As the talk about those "online surveillance" plans includes talk about
tailored attacks for each victim, they could investigate which OS one
uses and which ways of updating, so they could tailor their attack
vector appropriately.

Yes, *I*'d be vulnerable. I'd be not if I had a public key (and anoncvs
known_hosts file) from CD, perhaps also cvsync with cryptographic
integrity protection and public key (fingerprints) from CD, etc.

So the "online surveillance" stuff would perhaps not only affect Windoze
boxen as some people would come to think, even though the installation
of a trojan is, of course, usually much easier for Windoze than for
OpenBSD (or even a Linux installation if people with some skills operate
them).

Yes, of course cryptographic integrity protection wouldn't secure
OpenBSD against all kinds of attack vectors, but against *some*. Yes, it
comes at a cost. And I don't know whether the cost is really worth
while...

But I question whether it's really sound to just dismiss it beforehand.


Kind regards,

Hannah.
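
Added example, not part of the original message or of OpenBSD: a sketch of why a digest list fetched over the same unsecured channel gives no protection against in-path modification, while a signature checked against a public key taken from trusted media (the CD) does. A Lamport one-time signature stands in for a real signature tool only because it needs nothing beyond `hashlib`; file names and contents are constructed.

```python
import hashlib, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; the key must never sign a second message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def manifest_for(files):
    return "".join(f"SHA256 ({n}) = {hashlib.sha256(d).hexdigest()}\n"
                   for n, d in sorted(files.items())).encode()

def checksum_only_ok(files, manifest):
    # Manifest fetched over the same channel as the files: no trust anchor.
    return manifest == manifest_for(files)

def signed_ok(pinned_pk, files, manifest, sig):
    # The manifest must first verify under the key taken from trusted media.
    return verify(pinned_pk, manifest, sig) and checksum_only_ok(files, manifest)

def demo():
    sk, pinned_pk = keygen()  # pinned_pk stands for the key shipped on the CD
    genuine = {"base.tgz": b"genuine snapshot bytes (constructed)"}
    manifest = manifest_for(genuine)
    sig = sign(sk, manifest)
    # In-path modification: file replaced and manifest regenerated to match.
    tampered = {"base.tgz": b"modified in transit (constructed)"}
    forged = manifest_for(tampered)
    return {
        "genuine, signed check": signed_ok(pinned_pk, genuine, manifest, sig),
        "tampered, checksum only": checksum_only_ok(tampered, forged),
        "tampered, signed check": signed_ok(pinned_pk, tampered, forged, sig),
        "tampered file, old manifest": signed_ok(pinned_pk, tampered, manifest, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The checksum-only check accepts the modified file because the manifest was rewritten along with it; the signed check rejects both the rewritten manifest and the modified file paired with the original manifest.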