> On 12/6/07, Jeff I. Ragland <jeff.i.ragland@gmail.com> wrote:
>
>> On 06 Dej 2007, at 5:39 LL, bofh wrote:
>>
>>
>>> You forgot one option. Invite Theo to give a talk, and ask him to
>>> bring the CDs. If you can't trust Theo's CDs, all hope is lost.
>>>
>> And how would you know that it is indeed Theo and not someone that
>> looks like him? I think that blood samples and DNA tests are the only
>> way to go here.
>>
>>
>>
>>> Just need to make sure there're some mountains around for Theo to go
>>> climb. If you live on a flatland, then, sorry, you're doomed.
>>>
>>>
>>> On 12/6/07, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
>>>
>>>> On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
>>>>
>>>>
>>>>> One risk would be the plans of "online surveillance" of computers e.g.
>>>>> in Germany. One way to install surveillance even on OpenBSD would be to
>>>>> actively interfere with the internet connection with the surveilled
>>>>> person, in the man-in-the-middle sense, and inject trojanned code
>>>>> ("Bundestrojaner") into the updates of the victim.
>>>>>
>>>> Using software from any source without interference from an
>>>> all-pervasive government is a very special, but unfortunately today, a
>>>> very real issue for many people around the world. To be secure, you
>>>> have to get pieces of the puzzle over multiple paths. It all can't come
>>>> via the net since then you're open to man-in-the-middle.
>>>>
>>>> Key-revocation announcements could come over the net (via an announce
>>>> list) but the new key would then have to come over a second channel.
>>>>
>>>> One second-channel option is the q6mth CD issue, which could include a
>>>> new public key and e.g. known-hosts fingerprints. This is vulnerable to
>>>> a very determined man-in-the-middle who can replicate and then alter the
>>>> CD before it arrives to you in the mail.
>>>>
>>>> Another option is a trusted courier flying to Alberta and getting a CD
>>>> from the OpenBSD store (yeah, right).
>>>>
>>>> In fact, likely any other technological option (e.g. an answering
>>>> machine in Alberta that spits out the alphanumerics of the current
>>>> master public key) is still susceptible.
>>>>
>>>> If every piece of information you receive is filtered through your
>>>> government, is there any hand-shaking protocol that can allow you to
>>>> establish a verified information connection (not necessarily encrypted)?
>>>> I don't think so.
>>>>
>>>> Sure, Debian has signed .debs that use gpg as a back end (the system is
>>>> called apt-key), it relies on you trusting the first key that you get
>>>> from them. Since Debian doesn't actually mail out its own CDs,
>>>> everything is off its mirrors. apt-key only 'protects' you from a later
>>>> man-in-the-middle.
>>>>
>>>> I think that this is the central 'problem' that people are dancing
>>>> around.
>>>>
>>>> Personally, if this thread is to continue, I would like to see it move
>>>> from a "Why doesn't OpenBSD do things this way?" to a "What are the
>>>> threat models for OpenBSD identity theft and how can we protect
>>>> ourselves?".
>>>>
>>>> Doug.
>>>>
>>>>
>>>>
>>> --
>>> http://www.glumbert.com/media/shift
>>> http://www.youtube.com/watch?v=tGvHNNOLnCk
>>> "This officer's men seem to follow him merely out of idle curiosity."
>>> -- Sandhurst officer cadet evaluation.
>>> "Securing an environment of Windows platforms from abuse - external or
>>> internal - is akin to trying to install sprinklers in a fireworks
>>> factory where smoking on the job is permitted." -- Gene Spafford