| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Peter Simons wrote: |
| 5 |
> Right now, I have to trust the entire network. I don't know |
| 6 |
> about others, but that's slightly above the level of risk I |
| 7 |
> am willing to accept. |
| 8 |
|
| 9 |
Peter is unfortunately right. With unencrypted rsync, we aren't even |
| 10 |
talking about just trusting mirror admins (who for one thing are |
| 11 |
probably not quite as seriously vetted as developers with commit access, |
| 12 |
and for another have been compromised in the past), we're talking about |
| 13 |
trusting every possible man in the middle. If we were doing rsync over |
| 14 |
ssh, at least we'd be preventing DNS spoofing leading to fake rsync |
| 15 |
mirrors giving us fake ebuilds (assuming the ssh private keys of the |
| 16 |
given mirror were not compromised). And if we were doing GPG signing, |
| 17 |
we'd be secure against not just that but against rogue mirror admins, |
| 18 |
compromised infrastructure higher up the chain, and so forth. |
| 19 |
|
| 20 |
Yes, this has the basic assumption that the private key is secure, but |
| 21 |
all secure systems make a few basic assumptions, so this is hardly |
| 22 |
unprecedented (we cannot thoroughly prove the security of RSA, and we |
| 23 |
often can't even come close for symmetric-key systems), but that doesn't |
| 24 |
mean that they have inherently zero value. I find that sort of argument |
| 25 |
to be quite flawed, because it's essentially saying, ``Well, nothing is |
| 26 |
provably secure, so why even have secure systems?'' |
| 27 |
|
| 28 |
- -- |
| 29 |
Dan "KrispyKringle" Margolis |
| 30 |
Security Coordinator/Audit Project, Gentoo Linux |
| 31 |
-----BEGIN PGP SIGNATURE----- |
| 32 |
Version: GnuPG v1.2.4 (Darwin) |
| 33 |
|
| 34 |
iQEVAwUBQY5SuLDO2aFJ9pv2AQLu2Af+MWe9DoDzeEi1he7bnmGK1BqKo3a7yUMj |
| 35 |
2YZIhMFIVwNlldW+ZmrgbzO1rCDny7qhr5g9R0HJRqrdU4CH+bqUTO3XdFydhNC5 |
| 36 |
alf/GbJNt8UUY9mHjuMuUNvMp2jckI4oMLEile06i8gCZLCkQr8hkI3awF1/8jA6 |
| 37 |
uGIy+avR+40zRoIlPKX8e1AvVZBMzAgh1UGCLZwnnX/bw1iUD8h0vn+4899iubUg |
| 38 |
SvCG+SxA/HkZzBYhXMz3z4C/431cwyAJQBcl6M+6ObZATiOO8iZuf0JDq/11fZyN |
| 39 |
3e84eR1Yzepi922mjZOdPlGylC5+ISJdXOI8cPMHJHBX/DLcU4Da9w== |
| 40 |
=CG+7 |
| 41 |
-----END PGP SIGNATURE----- |
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-security@g.o mailing list |
Archives