[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RESEND] Re: Digital Signatures (fwd)
Sorry for the repost, beat the pine developers...
begin electrogrammati illius Ben Goren
>> Ok, but are the CDs trustworthy?
>Personally, I trust the CDs a *lot* more than I trust
>Thawte. Sounds like you trust Thawte more than the CDs. To each
>his own, but I'd bet that Theo et al. are with me on this one.
I ack, but read on.
>> Even if they are, I still DO want a sample .ssh/known_hosts
>> pre-initialized with the ssh keys of the OpenBSD hosts (for
>> example, anoncvs) in the main distribution (misc31.tgz IMHO is
>> the place this belongs to).
>This I like. Why don't you submit such a sample? OpenBSD is, after
>all, about scratching itches, and it sounds like you're the one
>most in need of hydrocortisone cream here. Oh--the proper place
>for site-wide ssh hosts files is somewhere in /etc; exactly where
>depends on how new your ssh is.
I am thinking of a file which is something like ~/.ssh/known_hosts
only for the OpenBSD anoncvs etc. hosts, where users can copy out
public host keys as needed, to be assured identity of the anoncvs
host. I can't do it because I am not sitting on such a machine.
>By what mechanism would an attacker tamper with the certificates?
You can always find one ;)
>Between Calgary and (in my case) Tempe, Arizona, only Canada Post
>and the USPS have access to the CD. If you're worried about either
Between Belgium and Germany there is few way, too. But how much of
us do get their CDs from Canada?
I remember I got, e.g. my Debian 2.1 CD-Set on self-burnt CDs from
a "official" dealer...
>of them intercepting your order and replacing it with a duplicated
>CD with a compromized certificate, don't. Worry instead about men
>with neither necks nor souls. And don't forget your tinfoil hat.
Sorry I don't understand this one.
>> Letting the cert being signed by an external entity whose cert
>> is well-known to most users seems to be necessary [. . . .]
>Thawte is owned by Verisign aka Network Solutions. I personally
>don't trust corporations much to begin with, but Netsol deserves
>no trust whatsoever. I, and everybody else I've ever spoken with
>who has had dealings with Netsol, has at least one horror story in
>which Netsol abused trust placed in them.
Owned != Controlled. They just assure, legally, for the identity
of a certificate (that its data are correct).
>And you want to trust them to certify the validity of OpenBSD
I don't want, how often again, to let them validate releases.
OpenBSD people validate releases, they just make sure the mail
has not been tampered with, and optionally identify the sender.
>If you're really in a position where you can't trust a CD sent
>through the mail, you're already screwed. If you really think
I don't know. Mine don't even come from Canada, do they?
>you're vulnerable to a man-in-the-middle attack when you download
>the patches, then actually read and understand the patches before
>you apply them. And, for heaven's sake, *DON'T* run -current!
I run what I want.
I just proposed some thing that damned oftenly has been asked
for on the list, with some thinking behind.
And it's funny that the world's securest OS hasn't even https
on the main page.
Ok, if none of you people agree, I will shut up now, and this
will have no negative benefit for me personally. Mind this.
If someone still wishes to follow-up, feel free to do this,
but since there is not much interest on the lists, I wish
you to do this in personal email. Thanks.
Yes, I am root on my box, my friends' boxen and my mailgate.
And yes, I do know how to handle it. Yes, I know about kill-
rules, too. So WTF do you still bother filling my syslog?