From owner-freebsd-security Thu May 18 0:59:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 6491737B8AC; Thu, 18 May 2000 00:59:24 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from softweyr.com (homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id BAA15273; Thu, 18 May 2000 01:59:23 -0600 (MDT) (envelope-from wes@softweyr.com) Message-ID: <3923A366.A309CED9@softweyr.com> Date: Thu, 18 May 2000 02:01:44 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Kris Kennaway Cc: security@FreeBSD.ORG, Robert Watson , Darren Reed , Peter Wemm Subject: Re: HEADS UP: New host key for freefall! References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: > > On Wed, 17 May 2000, Wes Peters wrote: > > > > Now to address Wes's point: I don't believe SSH1 can do certification, > > > although I don't know about SSH2. > > > > Oh, I was referrering to certificates for sending S/MIME email. > > In theory PKI can do everything [*]: S/MIME email, PGP signatures, signed > SSH hostkeys so you don't have to explicitly verify the new key through > out-of-band trusted channels, SSL certificates for secure web services, > etc. In theory these formats should all be pretty inter-convertible, since > they all contain "enough crypto" (packaged in different ways) to make a > decent protocol happy. > > > I'm not sure we'll be doing a large enough volume to warrant paying money > > for CA services. I guess we'd have to work out a plan for what classes > > of persons and/or positions we plan to issue keys/certs to in order to > > answer that question. If we're talking about a CA cert, a cert for each > > of the "hats", and a cert for each committer individually, that means > > right now we'd need to manage about 210 certs, of which 5 or 6 need to > > be transferrable. > > The point of a PKI is that you can have a *single* trusted root > certificate with all others signed by that one in a hierarchy. In order to > root the tree in something which (e.g.) Netscape browsers will > automatically understand, we'd need to have at least one key signed by a > commercial CA (Verisign, Thawte, ..) which is used as the basis for the > FreeBSD PKI, but there's no inherent need for more than one "purchased" > certificate. It is quite simple to add a CA to your browser, I've done it at work several times this week. ;^) Also, there is more than just the browser at stake here; when I finish my work on pkg_add it will be able to accept and verify signed packages. How much checking of the certificate we choose to do is up for grabs. > > Plus, I really like the idea of a cert with "The FreeBSD Project" as the > > CA. Are we not the most reliable source of information about FreeBSD? > > Certified signatures are not about verifying the information content of > data, it's about verifying the integrity of the message and the > authenticity of the signing key. Exactly. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message