Gentoo Archives: gentoo-dev

From: John Nilsson <john@×××××××.nu>
To: Joshua Brindle <method@g.o>
Cc: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage.
Date: Tue, 30 Mar 2004 00:53:35
Message-Id: 1080608039.956.252.camel@newkid.milsson.nu
In Reply to: Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage. by Joshua Brindle
I was trying to point out the fact that any system relies on trust and
to devise a sensible system we have to pick a few things to trust.
You have to trust the interface with which you perform the signing.
How much effort is required to trust a component should be
discussed.
I believe that there are some human elements that can be 'fixed'. Some
room for human errors can be removed if it would be impossible for the
keeper of the master key to extract the private key from the signing
tool, even if he/she wanted to.

-John

On Tue, 2004-03-30 at 02:03, Joshua Brindle wrote:
> This thread is getting way 'out there'. No one ever said that GPG signing
> is the end-all in security, no one ever said that it's the perfect method
> of protection, what we did say is that it's *a lot* better than what we
> have now.
> I wish that people would stop coming up with obscure holes in the
> signing model, there is no way around them but this is a far greater
> amount of protection than we have now.
> The key to security is layers, we implement as many layers of security
> as possible to prevent compromises but there is obviously a huge human
> element that we can't 'fix'. The obscure ways of defeating the model
> should not stop us from implementing it, and it won't, so let's try to
> keep our eyes on the goal and not get drawn off by non-productive
> distractions.
>
> Joshua Brindle
>
> John Nilsson wrote:
>
> > You have to trust the device that you interface with in any case. If the
> > computer is compromised, how do you know that the message you pipe
> > through for signing is the same as on the screen?
> >
> > -John
> >
> > On Mon, 2004-03-29 at 10:47, Paul de Vrieze wrote:
> >
> > On Sunday 28 March 2004 18:39, Sami Näätänen wrote:
> >
> >>To do what?
> >
> >>The master key will not be present there.
> >>And if you don't provide those keys that are in the card the keys you
> >>make with the trojaned machine can't be validated with the master
> >>public key.
> >
> > That would only work if the external device actually performs the
> > signing. Not when the key itself is readable by the computer the device
> > is inserted in. I don't know if it would be possible to acquire such a
> > device although they probably exist.
> >
> > Paul
> >
>
> --
> gentoo-dev@g.o mailing list
>

Attachments

File name MIME type
signature.asc application/pgp-signature