Re: Code signing in OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Douglas A. Tutty <dtutty@...>

To: OpenBSD <misc@...>

Subject: Re: Code signing in OpenBSD

Date: Thursday, December 6, 2007 - 10:51 am

On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:

> One risk would be the plans of "online surveillance" of computers e.g.

quoted text

> in Germany. One way to install surveillance even on OpenBSD would be to
> actively interfere with the internet connection with the surveilled
> person, in the man-in-the-middle sense, and inject trojanned code
> ("Bundestrojaner") into the updates of the victim.

Using software from any source without interference from an
all-pervasive government is a very special, but unfortunatly today, a
very real issue for many people around the world. To be secure, you
have to get pieces of the puzzle over multiple paths. It all can't come
via the net since then you're open to man-in-the-middle.

Key-revocation announcements could come over the net (via an announce
list) but the new key would then have to come over a second channel.

One second-channel option is the q6mth CD issue, which could include a
new public key and e.g. known-hosts fingerprints. This is vulnerable to
a very determined man-in-the-middle who can replicate and then alter the
CD before it arrives to you in the mail.

Another option is a trusted courier flying to Alberta and get a CD from
the OpenBSD store (yeah, right).

In fact, likely any other technological option (e.g. an answering
machine in Alberta that spits out the alphanumerics of the current
master public key) is still suceptible.

If every piece of information you receive is filter through your
government, is there any hand-shaking protocol that can allow you to
establish a verified information connection (not necessarily encrypted)?
I don't think so.

Sure, Debian has signed .debs that use gpg as a back end (the system is
called apt-key), it relies on you trusting the fist key that you get
from them. Since Debian doesn't actually mail out its own CDs,
everything is off its mirrors. apt-key only 'protects' you from a later
man-in-the-middle.

I think that this is the central 'problem' that people are dancing
around.

Personally, if this thread is to continue, I would like to see it move
from a "Why doesn't OpenBSD do things this way?" to a "What are the
threat models for OpenBSD identity theft and how can we protect
ourselves?".

Doug.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Code signing in OpenBSD, new_guy, (Tue Dec 4, 11:16 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Wed Dec 5, 1:52 am)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 10:56 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:22 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 1:59 pm)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 2:18 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 2:26 pm)

Re: Code signing in OpenBSD, Dave Ewart, (Wed Dec 5, 3:13 pm)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 3:52 pm)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 11:03 am)

Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 11:22 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 12:46 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 9:35 pm)

Re: Code signing in OpenBSD, Linus Swälas, (Wed Dec 5, 11:03 pm)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 10:15 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 3:58 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 7:22 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 8:15 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 8:56 pm)

Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 9:48 pm)

Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 7:46 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:52 am)

Re: Code signing in OpenBSD, STeve Andre', (Thu Dec 6, 3:49 pm)

Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 11:02 pm)

Re: Code signing in OpenBSD, Otto Moerbeek, (Thu Dec 6, 2:55 am)

Re: Code signing in OpenBSD, Rod Whitworth, (Wed Dec 5, 5:12 pm)

Re: Code signing in OpenBSD, Bob Beck, (Wed Dec 5, 4:24 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:50 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 5:28 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 6:22 pm)

Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 4:36 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 12:59 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 2:46 pm)

Re: Code signing in OpenBSD, Lars Hansson, (Thu Dec 6, 12:37 am)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:45 am)

Re: Code signing in OpenBSD, Floor Terra, (Wed Dec 5, 5:09 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Wed Dec 5, 4:23 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:44 am)

Re: Code signing in OpenBSD, Martin Schröder, (Thu Dec 6, 4:20 am)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 5:28 pm)

Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 6:08 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 3:23 pm)

Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 4:41 pm)

Re: Code signing in OpenBSD, Nick Bender, (Wed Dec 5, 4:21 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 1:15 pm)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:48 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:51 am)

Re: Code signing in OpenBSD, Eric Furman, (Thu Dec 6, 12:01 pm)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 11:39 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:12 pm)

Re: Code signing in OpenBSD, Jeff I. Ragland, (Thu Dec 6, 12:27 pm)

Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 12:57 pm)

Re: Code signing in OpenBSD, Jacob Yocom-Piatt, (Thu Dec 6, 1:33 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:24 am)

Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:10 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Thu Dec 6, 2:00 pm)

Re: Code signing in OpenBSD, Bob Beck, (Thu Dec 6, 2:58 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 2:28 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 2:39 pm)

Re: Code signing in OpenBSD, Christopher Linn, (Thu Dec 6, 3:22 pm)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 3:39 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 3:59 pm)

Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 11:08 am)

Re: Code signing in OpenBSD, Gilbert Fernandes, (Thu Dec 6, 11:54 am)

Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 7:12 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:38 am)

Re: Code signing in OpenBSD, Stuart Henderson, (Thu Dec 6, 7:23 am)

Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:37 am)

Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:41 pm)

Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 2:27 pm)

Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 2:48 pm)


linux-kernel:
Adrian Bunk	Re: Linux 2.6.21
Linus Torvalds	Linux 2.6.21-rc2
WANG Cong	[-mm Patch] UML: fix a building error
Roland McGrath	Re: [PATCH 0/5] ftrace: to kill a daemon
git:

linux-netdev:
Natalie Protasevich	[BUG] New Kernel Bugs
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Patrick McHardy	Re: [PATCH] netfilter: use per-cpu spinlock rather than RCU (v3)
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
linux-activists:
Theodore Ts'o	Re: cc1 fails silently
Michael Nolan	Power routines on notebook cause kernel panic
Marc Peters	v 0.11 boot disk problem
Dave `geek' Gymer	WARNING (was Re: New afio release)

Re: Code signing in OpenBSD

Online users