Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: Joshua Brindle <method@g.o>
From: John Nilsson <john@...>
Subject: Re: Redux: 2004.1 will not include a secure portage.
Date: Tue, 30 Mar 2004 02:53:59 +0200
I was trying to point out the fact that any system relies on trust and
to device a sensible system we have to pick a few things to trust.
You have to trust the interface with witch you perform the signing.
How much effort that is required to trust a component should be
discussed.
I believe that there are some human elements that can be 'fixed'. Some
room for human errors can be removed if it would be impossible for the
keeper of the master key to extract the private key from the signing
tool, even if he/she wanted to.

-John



On Tue, 2004-03-30 at 02:03, Joshua Brindle wrote:
> This thread is getting way 'out there'. Noone ever said that GPG signing 
> is the end-all in security, noone ever said that it's the perfect method 
> of protection, what we did say is that it's *alot* better than what we 
> have now.
> I wish that people would stop coming up with obscure holes in the 
> signing model, there is no way around them but this is a far greater 
> amount of protection than we have now.
> The key to security is layers, we implement as many layers of security 
> as possible to prevent compromises but there is obviously a huge human 
> element that we can't 'fix'. The obscure ways of defeating the model 
> should not stop us from implementing it, and it won't so lets try to 
> keep our eyes on the goal and not get drawn off by non-productive 
> distractions.
> 
> Joshua Brindle
> 
> 
> John Nilsson wrote:
> 
>  > You have to trust the device that you interface with in any case. If the
>  > computer is compromised, how do you know that the message you pipe
>  > through for signing is the same as on the screen?
>  >
>  > -John
>  >
>  > On Mon, 2004-03-29 at 10:47, Paul de Vrieze wrote:
>  >
> > On Sunday 28 March 2004 18:39, Sami Näätänen wrote:
> > 
> > 
> >>To do what?
> > 
> >>The master key will not be present there.
> >>And if you don't provide those keys that are in the card the keys you
> >>make with the trojaned machine can't be validated with the master
> >>public key.
> > 
> > That would only work if the external device actually performs the 
> > singing. Not when the key itself is readable by the computer the device 
> > is inserted in. I don't know if it would be possible to acquire such a 
> > device allthough they probably exist.
> > 
> > Paul
> > 
> 
> --
> gentoo-dev@g.o mailing list
> 
> 
> 
Attachment:
signature.asc (This is a digitally signed message part)
References:
2004.1 will not include a secure portage.
-- Kurt Lieber
Re: Redux: 2004.1 will not include a secure portage.
-- Robin H. Johnson
Re: Redux: 2004.1 will not include a secure portage.
-- Sami Näätänen
Re: Redux: 2004.1 will not include a secure portage.
-- Paul de Vrieze
Re: Redux: 2004.1 will not include a secure portage.
-- John Nilsson
Re: Redux: 2004.1 will not include a secure portage.
-- Joshua Brindle
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Redux: 2004.1 will not include a secure portage.
Next by thread:
Re: Redux: 2004.1 will not include a secure portage.
Previous by date:
Re: Redux: 2004.1 will not include a secure portage.
Next by date:
XFree86 4.2 -- Ready to die


Updated Jun 17, 2009

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.