From owner-freebsd-security@FreeBSD.ORG Sun Nov 27 21:02:14 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7F6D16A41F for ; Sun, 27 Nov 2005 21:02:14 +0000 (GMT) (envelope-from wxs@syn.csh.rit.edu) Received: from syn.csh.rit.edu (syn.csh.rit.edu [129.21.60.158]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5653343D8F for ; Sun, 27 Nov 2005 21:01:52 +0000 (GMT) (envelope-from wxs@syn.csh.rit.edu) Received: from syn.csh.rit.edu (localhost [127.0.0.1]) by syn.csh.rit.edu (8.13.3/8.13.1) with ESMTP id jARL2pS6034354; Sun, 27 Nov 2005 16:02:51 -0500 (EST) (envelope-from wxs@syn.csh.rit.edu) Received: (from wxs@localhost) by syn.csh.rit.edu (8.13.3/8.13.1/Submit) id jARL2aAC034353; Sun, 27 Nov 2005 16:02:36 -0500 (EST) (envelope-from wxs) Date: Sun, 27 Nov 2005 16:02:36 -0500 From: Wesley Shields To: Szilveszter Adam , freebsd-security@freebsd.org Message-ID: <20051127210236.GA28643@csh.rit.edu> References: <20051126224530.GD27757@cirb503493.alcatel.com.au> <20051127085729.GA947@momo.buza.adamsfamily.xx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051127085729.GA947@momo.buza.adamsfamily.xx> User-Agent: Mutt/1.5.11 Cc: Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Nov 2005 21:02:14 -0000 On Sun, Nov 27, 2005 at 09:57:31AM +0100, Szilveszter Adam wrote: > Hello Peter, > > On Sun, Nov 27, 2005 at 09:45:30AM +1100, Peter Jeremy wrote: > > - Signing ISO images with a Project key and/or certificate in addition > > to providing MD5 checksums. > > - Investigate providing authenticated protocols for updating FreeBSD. > > Also, one should not forget the currently present FTP infrastructure > either. While the content is publicly available, their integrity should > be verifiable. The same goes for ports distfiles: ideally the should be > signed, at least the checksums. The pkg_* tools AFAIK already have sig > checking capability for > the binary packages, but somehow this should be extended to the "build > from source" version as well, particularly since this seems to be the > more often used method. Ports distfiles are recorded with MD5 (and SHA256 now that it's in the base of 6.x, though it can be added via a port to other versions) signatures. I'm not entirely sure of the pkg_* tools doing signature verification but it would be nice to have. -- WXS