From owner-freebsd-security Thu Feb  8 9:32:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
	by hub.freebsd.org (Postfix) with ESMTP id 1599937B503;
	Thu, 8 Feb 2001 09:32:05 -0800 (PST)
Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!)
	by homer.softweyr.com with esmtp (Exim 3.16 #1)
	id 14Qv3m-0000Kc-00; Thu, 08 Feb 2001 10:40:47 -0700
Message-ID: <3A82DA1E.BC4A9CDD@softweyr.com>
Date: Thu, 08 Feb 2001 10:40:46 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Markus Holmberg
Cc: Garrett Wollman, freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject: Re: Package integrity check?
References: <20010205210459.A2479@acc.umu.se> <3A7F9AB6.5CAA983B@softweyr.com>
	<200102061526.KAA31832@khavrinen.lcs.mit.edu> <3A802FAF.792F61F5@softweyr.com>
	<200102061802.NAA33086@khavrinen.lcs.mit.edu> <20010208132123.A4400@acc.umu.se>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Markus Holmberg wrote:
> 
> Thanks Wes.
> 
> I'm running -STABLE (and I was mostly just curious, not in a hurting need
> for this functionality right away) so I'm not sure I'm trying it out. But
> it's good to know it's available.

As soon as we get a couple of other issues (mostly Makefile) worked out,
I'll MFC the package-signing stuff.  It runs fine on my laptop, which is:

FreeBSD homer 4.2-STABLE FreeBSD 4.2-STABLE #0: Mon Jan 29 10:13:07 MST 2001

> On Tue, Feb 06, 2001 at 01:02:08PM -0500, Garrett Wollman wrote:
> > 1) Whatever process generates and checksums the packages also makes
> > and signs a master list of all the checksums from each package, and
> > 
> > 2) Whatever process installs software from the package compares its
> > checksum against this master list, and verifies the signature of the
> > master list.
> 
> It was these two things that I was thinking of in the first place.. (When
> asking if it was possible to check for package integrity). But I realize
> it is not conceivable without a good deal of effort, so I was merely
> wondering if anyone else thought of it.

That's the nice thing about X.509 certs, you only have to distribute the
cert from whoever is providing the package.  The package contains the
checksum, verifying the contents, and the signing process assures you that
the checksum contained in the cert hasn't been tampered with.  Now all you
need is a secure way to get the certificate from the originator.

> > I think that this would be both useful and worthwhile, but again, we
> > need to make sure that legally we are not promising anything other
> > than ``these packages have not been modified since generation''.
                                                       ^^^^^^^^^^
                                                       signing

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
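The two-step scheme Garrett sketches above (a signed master list of package checksums, which the installer checks before trusting any per-package checksum), worked through as an added example. This is not FreeBSD's package-signing code and not what Wes merged; it is a stand-alone sketch that assumes an `openssl` binary on PATH, uses a self-signed X.509 certificate as the builder's identity in the way Wes describes, and uses made-up package and file names. The point it adds to the discussion is the failure ordering: a package whose checksum matches a manifest that does not verify is still rejected.

```shell
#!/bin/sh
# Added example, not from the FreeBSD project. Assumes `openssl` on PATH.
# All file, key and package names below are constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# ---- Publisher (package builder) side -------------------------------------

# A self-signed X.509 cert stands in for the builder's identity. Only
# builder.crt needs to reach the installer; builder.key stays with the builder.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=pkg-builder \
        -keyout "$WORK/builder.key" -out "$WORK/builder.crt" >/dev/null 2>&1
}

# Constructed "packages": two small files standing in for tarballs.
make_packages() {
    mkdir -p "$WORK/pkgs"
    printf 'alpha-1.0 contents\n' > "$WORK/pkgs/alpha-1.0.tgz"
    printf 'beta-2.3 contents\n'  > "$WORK/pkgs/beta-2.3.tgz"
}

# Step 1: hash every package into one master list (coreutils-style
# "<hex> *<file>" lines) and sign the list with the builder's key.
build_manifest() {
    ( cd "$WORK/pkgs" && for f in *.tgz; do openssl dgst -sha256 -r "$f"; done ) \
        > "$WORK/MANIFEST"
    openssl dgst -sha256 -sign "$WORK/builder.key" \
        -out "$WORK/MANIFEST.sig" "$WORK/MANIFEST"
}

# ---- Installer side -------------------------------------------------------

# Step 2a: verify the manifest signature with the public key from the cert.
# Exit status 0 only when the signature is good.
verify_manifest() {
    openssl x509 -in "$WORK/builder.crt" -pubkey -noout > "$WORK/builder.pub"
    openssl dgst -sha256 -verify "$WORK/builder.pub" \
        -signature "$WORK/MANIFEST.sig" "$WORK/MANIFEST" >/dev/null 2>&1
}

# Step 2b: look the package up in the signed list and compare its checksum.
# Exit status 0 only if the manifest verifies AND the package is listed AND
# its hash matches; an unsigned or edited manifest fails before any hash is
# compared, so a matching-but-forged entry buys the attacker nothing.
verify_package() {
    pkg=$1
    verify_manifest || return 1
    expected=$(awk -v f="*$pkg" '$2 == f { print $1 }' "$WORK/MANIFEST")
    [ -n "$expected" ] || return 1
    actual=$(cd "$WORK/pkgs" && openssl dgst -sha256 -r "$pkg" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

make_signer
make_packages
build_manifest
verify_package alpha-1.0.tgz && echo "alpha-1.0.tgz: OK"
```

The manifest carries only checksums, so the cert need not be re-issued for every build; the installer needs exactly one trusted file (builder.crt), which is the "secure way to get the certificate" problem Wes leaves open.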