Gentoo Archives: gentoo-dev

From: Joshua Brindle <method@g.o>
To: John Nilsson <john@×××××××.nu>
Cc: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage.
Date: Tue, 30 Mar 2004 00:03:58
Message-Id: 4068B950.7050502@gentoo.org
In Reply to: Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage. by John Nilsson
This thread is getting way 'out there'. Noone ever said that GPG signing 
is the end-all in security, noone ever said that it's the perfect method 
of protection, what we did say is that it's *alot* better than what we 
have now.
I wish that people would stop coming up with obscure holes in the 
signing model, there is no way around them but this is a far greater 
amount of protection than we have now.
The key to security is layers, we implement as many layers of security 
as possible to prevent compromises but there is obviously a huge human 
element that we can't 'fix'. The obscure ways of defeating the model 
should not stop us from implementing it, and it won't so lets try to 
keep our eyes on the goal and not get drawn off by non-productive 
distractions.

Joshua Brindle


John Nilsson wrote:

 > You have to trust the device that you interface with in any case. If the
 > computer is compromised, how do you know that the message you pipe
 > through for signing is the same as on the screen?
 >
 > -John
 >
 > On Mon, 2004-03-29 at 10:47, Paul de Vrieze wrote:
 >
> On Sunday 28 March 2004 18:39, Sami Näätänen wrote: > > >>To do what? > >>The master key will not be present there. >>And if you don't provide those keys that are in the card the keys you >>make with the trojaned machine can't be validated with the master >>public key. > > That would only work if the external device actually performs the > singing. Not when the key itself is readable by the computer the device > is inserted in. I don't know if it would be possible to acquire such a > device allthough they probably exist. > > Paul >
-- gentoo-dev@g.o mailing list -- gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage. John Nilsson <john@×××××××.nu>