[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Digital Signatures

To: misc@openbsd.org
Subject: Re: Digital Signatures
From: Ben Goren <ben@trumpetpower.com>
Date: Mon, 25 Mar 2002 15:46:42 -0700
Content-Disposition: inline
References: <20020323163527.28226.qmail@oak.oeko.net> <Pine.BSO.4.43.0203241834260.7827-100000@morgaine.isch.ppp> <20020325215434.29747.qmail@oak.oeko.net>
User-Agent: Mutt/1.2.5.1i

First, I have to question  the necessity of digital signatures for
OpenBSD in the  first place. If you don't trust  what you download
from the 'Net, buy a CD. Problem solved.

But,  if there  is a  need for  signatures, it  would seem  that a
self-signed  OpenSSL CA  certificate  included with  the CD  would
solve all the ``Web o' Trust'' issues.

As for the ease of use, it'd be trivial to write a quick script to
call openssl to either sign or verify a distribution file. There's
no reason it needs  to be more than a single  command (and maybe a
passphrase) for anybody.

b&

--
Ben Goren
 mailto:ben@trumpetpower.com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]

Follow-Ups:
- Re: Digital Signatures
  - From: Toni Mueller <openbsd-misc@oeko.net>
- Re: Digital Signatures
  - From: Thorsten Glaser <nirwana@ecce.homeip.net>

References:
- Re: Digital Signatures
  - From: Toni Mueller <openbsd-misc@oeko.net>
- Re: Digital Signatures
  - From: Thorsten Glaser <nirwana@ecce.homeip.net>
- Re: Digital Signatures
  - From: Toni Mueller <openbsd-misc@oeko.net>

Prev by Date: FW: 1024-bit RSA keys in danger of compromise
Next by Date: Re: Slightly OT: [danox@ihug.com.au: Re: (U) Dumb Sendmail Question]
Prev by thread: Re: Digital Signatures
Next by thread: Re: Digital Signatures
Index(es):
- Date
- Thread