begin quote
On Sun, 4 Aug 2002 19:11:35 +0200 (CEST)
"Maik Schreiber" <blizzy@g.o> wrote:
|
>
> > how do we avoid infringement into the keys (unauthorized keys added?)
> > and
>
> We don't need to.

> > thus enabling an attacker to sign the modified ebuilds/patches and
> > have them check as clean?
>
> Isn't that the whole point of signatures? You can fake them unless you
> have the private key. There's no need to block out other keys in the
> keyring if we check for The Right Ones (tm).
>

Okay, both of these questions come down to one thing: Key management.
|
no, we need to avoid infringement into the keys. concept:
cracker gets my box, keylogs and gets my key's password (or bruteforces
it). then he uses my key to sign his own replacement key, adds that to
the keyring and has his part set.
|
all this should be quite simple to do without actually harming enough or
hampering enough to be detected in a system.
|
after this, he only needs to slowly hack into one or five -system
builds, and either use my key, or the new fake one, to go ahead and
smash things. wham, haxor karma.
|
that was the sort of faked signatures I was counting for.
|
to have the revocation signatures spread out among the (senior?)
developers and allowing them to revoke others' keys would be necessary
for security, but that still would not help with his newly generated key
that's released in my (or drobbins'?) name.
|
so yes, this would require a whole different layer of security for the
developers to follow. and can that be enforced?
|
Now that I think of it in these terms, public keys should not be
distributed with the rsync servers, but only with the ISOs and
downloaded from keyservers.
|
//Spider
|
--
begin .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end
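
The trust decision argued over in this message, as an added example that is not part of the original post: a Python model (no real cryptography; the signature itself is assumed to have verified) comparing a verifier that trusts any keyring key certified by a known developer key with one that trusts only fingerprints obtained out of band. The fingerprints, class and function names are constructed for illustration, and the first policy is assumed not to propagate a revocation to keys the revoked key certified.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Key:
    fpr: str                                # constructed placeholder, not a real fingerprint
    certified_by: frozenset = frozenset()   # fingerprints of keys that signed this key

@dataclass
class TrustStore:
    keyring: dict        # fpr -> Key, as synced from the mirror (attacker-writable)
    pinned: frozenset    # fingerprints obtained out of band (ISO, keyserver)
    revoked: set = field(default_factory=set)

    def keyring_trust(self, fpr):
        """Policy A: trust pinned keys and any keyring key certified by a pinned key.
        Assumption: revoking a certifier is not propagated to keys it certified."""
        key = self.keyring.get(fpr)
        if key is None or fpr in self.revoked:
            return False
        return fpr in self.pinned or bool(key.certified_by & self.pinned)

    def pinned_only(self, fpr):
        """Policy B: trust only pinned, unrevoked keys; keyring additions are ignored."""
        return fpr in self.pinned and fpr not in self.revoked

def decisions(store, fprs):
    """Map each signer fingerprint to (policy A verdict, policy B verdict)."""
    return {f: (store.keyring_trust(f), store.pinned_only(f)) for f in fprs}

def scenario():
    dev = Key("FPR-DEV")                            # the developer's real key, now stolen
    fake = Key("FPR-FAKE", frozenset({"FPR-DEV"}))  # replacement key signed with it
    store = TrustStore({k.fpr: k for k in (dev, fake)}, frozenset({"FPR-DEV"}))
    before = decisions(store, ["FPR-DEV", "FPR-FAKE"])
    store.revoked.add("FPR-DEV")                    # another developer revokes the stolen key
    after = decisions(store, ["FPR-DEV", "FPR-FAKE"])
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before revocation", "after revocation"), scenario()):
        print(label, result)
```

Under policy A the replacement key stays trusted even after the stolen key is revoked, while policy B never accepts it; both policies accept the stolen key itself until the revocation is published.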