>
> Just need to make sure there're some mountains around for Theo to go
> climb. If you live on a flatland, then, sorry, you're doomed.
>
>
> On 12/6/07, Douglas A. Tutty wrote:
>> On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
>>
>>> One risk would be the plans of "online surveillance" of computers e.g.
>>> in Germany. One way to install surveillance even on OpenBSD would be to
>>> actively interfere with the internet connection with the surveilled
>>> person, in the man-in-the-middle sense, and inject trojanned code
>>> ("Bundestrojaner") into the updates of the victim.
>>
>> Using software from any source without interference from an
>> all-pervasive government is a very special, but unfortunately today, a
>> very real issue for many people around the world. To be secure, you
>> have to get pieces of the puzzle over multiple paths. It all can't come
>> via the net since then you're open to man-in-the-middle.
>>
>> Key-revocation announcements could come over the net (via an announce
>> list) but the new key would then have to come over a second channel.
>>
>> One second-channel option is the q6mth CD issue, which could include a
>> new public key and e.g. known-hosts fingerprints. This is vulnerable to
>> a very determined man-in-the-middle who can replicate and then alter the
>> CD before it arrives to you in the mail.
>>
>> Another option is a trusted courier flying to Alberta and get a CD from
>> the OpenBSD store (yeah, right).
>>
>> In fact, likely any other technological option (e.g. an answering
>> machine in Alberta that spits out the alphanumerics of the current
>> master public key) is still susceptible.
>>
>> If every piece of information you receive is filtered through your
>> government, is there any hand-shaking protocol that can allow you to
>> establish a verified information connection (not necessarily encrypted)?
>> I don't think so.
>>
>> Sure, Debian has signed .debs that use gpg as a back end (the system is
>> called apt-key), it relies on you trusting the first key that you get
>> from them. Since Debian doesn't actually mail out its own CDs,
>> everything is off its mirrors. apt-key only 'protects' you from a later
>> man-in-the-middle.
>>
>> I think that this is the central 'problem' that people are dancing
>> around.
>>
>> Personally, if this thread is to continue, I would like to see it move
>> from a "Why doesn't OpenBSD do things this way?" to a "What are the
>> threat models for OpenBSD identity theft and how can we protect
>> ourselves?".
>>
>> Doug.
>>
>>
>
>
> --
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted." -- Gene Spafford