| 1 |
begin quote |
| 2 |
On Sun, 4 Aug 2002 19:11:35 +0200 (CEST) |
| 3 |
"Maik Schreiber" <blizzy@g.o> wrote: |
| 4 |
|
| 5 |
> |
| 6 |
> > how do we avoid infringment into the keys (unauthorized keys added?) |
| 7 |
> > and |
| 8 |
> |
| 9 |
> We don't need to. |
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
> > thus enabling an attacker to sign the modified ebuilds/patches and |
| 14 |
> > have them check as clean? |
| 15 |
> |
| 16 |
> Isn't that the whole point of signatures? You can fake them unless you |
| 17 |
> have the private key. There's no need to block out other keys in the |
| 18 |
> keyring if we check for The Right Ones (tm). |
| 19 |
> |
| 20 |
|
| 21 |
|
| 22 |
Okay, Both of theese questions come down to one thing: Key management. |
| 23 |
|
| 24 |
no, we need to avoid infringement into the keys. concept: |
| 25 |
cracker gets my box, keylogs and gets my key's password (or bruteforces |
| 26 |
it). then he uses my key to sign his own replacement key, adds that to |
| 27 |
the keyring and has his part set. |
| 28 |
|
| 29 |
all this should be quite simple to do without actually harming enough or |
| 30 |
hampering enough to be detected in a system. |
| 31 |
|
| 32 |
after this, he only needs to slowly hack into one or five -system |
| 33 |
builds, and either use my key, or the new fake one, to go ahead and |
| 34 |
smash things. wham, haxor karma. |
| 35 |
|
| 36 |
|
| 37 |
that was the sort of faked signatures I was counting for. |
| 38 |
|
| 39 |
to have the revocation signatures spread out among the (senior?) |
| 40 |
developers and allowing them to revoke others keys would be necessary |
| 41 |
for security, but that still would not help with his newly generated key |
| 42 |
thats released in mine (or drobbins?) name. |
| 43 |
|
| 44 |
|
| 45 |
so yes, this would require a whole different layer of security for the |
| 46 |
developers to follow. and can that be enforced? |
| 47 |
|
| 48 |
|
| 49 |
Now that I think of it in theese terms, public keys should not be |
| 50 |
distributed with the rsync servers, but only with the iso's and |
| 51 |
downloaded from keyservers. |
| 52 |
|
| 53 |
|
| 54 |
//Spider |
| 55 |
|
| 56 |
-- |
| 57 |
begin .signature |
| 58 |
This is a .signature virus! Please copy me into your .signature! |
| 59 |
See Microsoft KB Article Q265230 for more information. |
| 60 |
end |
Archives