Gentoo Archives: gentoo-dev

From: John Nilsson <john@×××××××.nu>
To: Paul de Vrieze <pauldv@g.o>
Cc: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage.
Date: Mon, 29 Mar 2004 13:02:21
Message-Id: 1080565359.955.217.camel@newkid.milsson.nu
In Reply to: Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage. by Paul de Vrieze
You have to trust the device that you interface with in any case. If the
computer is compromised, how do you know that the message you pipe
through for signing is the same as on the screen?

-John

On Mon, 2004-03-29 at 10:47, Paul de Vrieze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sunday 28 March 2004 18:39, Sami Näätänen wrote:
>
> > To do what?
> >
> > The master key will not be present there.
> > And if you don't provide those keys that are in the card the keys you
> > make with the trojaned machine can't be validated with the master
> > public key.
>
> That would only work if the external device actually performs the
> signing. Not when the key itself is readable by the computer the device
> is inserted in. I don't know if it would be possible to acquire such a
> device although they probably exist.
>
> Paul
>
> - --
> Paul de Vrieze
> Gentoo Developer
> Mail: pauldv@g.o
> Homepage: http://www.devrieze.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFAZ+K5bKx5DBjWFdsRAsvmAJ4sxzDl7z05qvloegttB5Omm1FsFQCgsttT
> DMv+RqOgr9ZnMLxArOOxMaI=
> =JzOQ
> -----END PGP SIGNATURE-----
>
> --
> gentoo-dev@g.o mailing list
>

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage. Joshua Brindle <method@g.o>