Re: Code signing in OpenBSD

To: bofh <goodb0fh@...>
Cc: <misc@...>, Hannah Schroeter <hannah@...>
Date: Thursday, December 6, 2007 - 11:12 am

bofh wrote:

Yeah. It recently disappeared from the ACM's web site after 11+ years
of availability:
http://www.acm.org/classics/oct95/
There is, fortunately, the author's copy:
http://cm.bell-labs.com/who/ken/trust.html

There is an interesting follow-up:
http://www.dwheeler.com/trusting-trust/
Summary of the follow-up:
http://www.schneier.com/blog/archives/2006/01/countering_trus.html

The bottom line, however, is that having and using the source is not
optional.

Thus, patches are provided in OpenBSD as source...

But, starting from an initial set of some binaries is adequate for many
uses, just as long as we can make reasonably sure that those binaries
come from who they are supposed to / we expect them to.

The install process ought to be fairly clear about the origin,
authenticity and integrity of those initial binaries. No need to build
on more of a sand foundation than necessary.

-Lars


Messages in current thread:
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 10:01 am)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 10:47 am)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:12 am)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 11:21 am)