From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 18:15:35 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0C3316A41F; Wed, 30 Nov 2005 18:15:35 +0000 (GMT) (envelope-from PeterJeremy@optushome.com.au) Received: from mail15.syd.optusnet.com.au (mail15.syd.optusnet.com.au [211.29.132.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FDE343D5C; Wed, 30 Nov 2005 18:15:34 +0000 (GMT) (envelope-from PeterJeremy@optushome.com.au) Received: from cirb503493.alcatel.com.au (c220-239-19-236.belrs4.nsw.optusnet.com.au [220.239.19.236]) by mail15.syd.optusnet.com.au (8.12.11/8.12.11) with ESMTP id jAUIFVUi011686 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 1 Dec 2005 05:15:31 +1100 Received: from cirb503493.alcatel.com.au (localhost.alcatel.com.au [127.0.0.1]) by cirb503493.alcatel.com.au (8.12.10/8.12.10) with ESMTP id jAUIFVHh035163; Thu, 1 Dec 2005 05:15:31 +1100 (EST) (envelope-from pjeremy@cirb503493.alcatel.com.au) Received: (from pjeremy@localhost) by cirb503493.alcatel.com.au (8.12.10/8.12.9/Submit) id jAUIFUu7035162; Thu, 1 Dec 2005 05:15:30 +1100 (EST) (envelope-from pjeremy) Date: Thu, 1 Dec 2005 05:15:30 +1100 From: Peter Jeremy To: Alexander Leidinger Message-ID: <20051130181530.GE32006@cirb503493.alcatel.com.au> References: <20051127182116.GA30426@cirb503493.alcatel.com.au> <000e01c5f410$2de67820$1300110a@pooptop> <20051130144343.od5die60gsw4k0k0@netchild.homeip.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051130144343.od5die60gsw4k0k0@netchild.homeip.net> User-Agent: Mutt/1.4.2.1i X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc Cc: freebsd-security@freebsd.org, Kurt Seifried Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2005 18:15:35 -0000 On Wed, 2005-Nov-30 14:43:43 +0100, Alexander Leidinger wrote: >Kurt Seifried wrote: > >>should have people upload their keys. On another note I am available >>to sign PGP keys (proving your key/identity is an excercise left to >>the reader =), > >or to the signer... the keys are available in the handbook (either from >www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) But how do I know that the data I download from *.freebsd.org hasn't been tampered with? Either by a MITM attack between me and the real *.freebsd.org site or a DNS attack redirecting me to a third site. This was the nub of my original posting. > And AFAIK this is all PGP is supposed to verify, that the person >behind "user@example.tld" is the same as the person with access to the >secret key for this address. PGP is susceptable to MITM attacks - Ann asks Bruce for his public key. Mallory intercepts the request and substitutes his own public key. He can then intercept, alter and re-sign following exchanges so neither Ann nor Bruce realise they have an intruder. >But this assumes the signer trusts the FreeBSD.org security: If you don't trust the FreeBSD Project you wouldn't run FreeBSD. > Without ssh access there's no way to insert a key into the CVS >repository. Assuming no security holes in the infrastructure... How can I tell that my private copy of the FreeBSD Project's CVS repository is the same as the one on whatever.FreeBSD.org? -- Peter Jeremy