From owner-freebsd-security@FreeBSD.ORG Sun Nov 27 08:57:39 2005
Date: Sun, 27 Nov 2005 09:57:31 +0100
From: Szilveszter Adam <sziszi@bsd.hu>
To: freebsd-security@freebsd.org
Message-ID: <20051127085729.GA947@momo.buza.adamsfamily.xx>
In-Reply-To: <20051126224530.GD27757@cirb503493.alcatel.com.au>
References: <20051126224530.GD27757@cirb503493.alcatel.com.au>
Subject: Re: Reflections on Trusting Trust
List-Id: "Security issues [members-only posting]"

Hello Peter,

On Sun, Nov 27, 2005 at 09:45:30AM +1100, Peter Jeremy wrote:
> Overall, I believe FreeBSD could be improved by:
> - Formulating and promulgating a policy for the protection and use of
>   FreeBSD Project DNS, keys and certificates. (The public version of
>   the policy does not go into explicit details but should allow an
>   independent observer to verify its adequacy).
> - Creating a FreeBSD Release Engineering key which is used to sign
>   official e-mails from the release engineering team - in particular
>   -RELEASE announcements.
> - Tying all the FreeBSD Project keys together by cross-signing them all.
> - Arranging for a wider range of signatures on FreeBSD Project keys
>   (the SO key already meets this).
> - Investigate obtaining an X.509 certificate for the FreeBSD Project

Very much seconded. The security advisories web page, for example, should
be available over HTTPS and verifiable by a certificate issued by a
recognized CA. Perhaps the releases page should be the same.

> - Signing ISO images with a Project key and/or certificate in addition
>   to providing MD5 checksums.
> - Investigate providing authenticated protocols for updating FreeBSD.

Also, one should not forget the currently present FTP infrastructure
either. While the content is publicly available, its integrity should be
verifiable. The same goes for ports distfiles: ideally they should be
signed, at least the checksums. The pkg_* tools AFAIK already have sig
checking capability for the binary packages, but somehow this should be
extended to the "build from source" version as well, particularly since
this seems to be the more often used method.

-- 
Regards:

Szilveszter ADAM
Budapest
Hungary
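The point the reply makes about distfiles and ISO images (publish a signature from a Project key over the checksums, not bare MD5 sums next to the files) can be shown concretely. The following Go program is an added example and is not code from this thread or from the FreeBSD Project; Ed25519 stands in for whatever OpenPGP or X.509 key the project would actually use, the `SHA256 (name) = digest` manifest format is a constructed distinfo-style stand-in, and the sample distfiles are constructed byte strings. It shows why a signature over the manifest matters: a mirror that swaps a tarball and rewrites its checksum line still fails verification, because the signature was made over the original manifest.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps a distfile name to its hex-encoded SHA-256 digest. It is a
// constructed stand-in for a ports distinfo-style checksum list.
type Manifest map[string]string

// Encode renders the manifest in a canonical (sorted) text form so that the
// signer and every verifier hash exactly the same bytes.
func (m Manifest) Encode() []byte {
	names := make([]string, 0, len(m))
	for name := range m {
		names = append(names, name)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, name := range names {
		fmt.Fprintf(&b, "SHA256 (%s) = %s\n", name, m[name])
	}
	return []byte(b.String())
}

// BuildManifest hashes each distfile; this is the step the release side
// performs on trusted input before signing.
func BuildManifest(files map[string][]byte) Manifest {
	m := make(Manifest, len(files))
	for name, data := range files {
		sum := sha256.Sum256(data)
		m[name] = hex.EncodeToString(sum[:])
	}
	return m
}

// SignManifest produces a detached Ed25519 signature over the canonical
// manifest encoding. Ed25519 is a hypothetical stand-in for the Project key
// discussed in the thread, not FreeBSD's actual mechanism.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Encode())
}

var (
	ErrBadSignature     = errors.New("manifest signature does not verify")
	ErrNotInManifest    = errors.New("distfile not listed in manifest")
	ErrChecksumMismatch = errors.New("distfile checksum mismatch")
)

// VerifyDistfiles is the client side: check the signature over the whole
// manifest first, and only then compare each downloaded distfile against the
// entry the signed manifest vouches for. A mirror that replaces both the
// distfile and its checksum line is caught at the first step.
func VerifyDistfiles(pub ed25519.PublicKey, m Manifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, m.Encode(), sig) {
		return ErrBadSignature
	}
	for name, data := range files {
		want, ok := m[name]
		if !ok {
			return fmt.Errorf("%w: %s", ErrNotInManifest, name)
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != want {
			return fmt.Errorf("%w: %s", ErrChecksumMismatch, name)
		}
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample distfiles standing in for real tarballs.
	files := map[string][]byte{
		"foo-1.0.tar.gz":  []byte("constructed contents of foo-1.0"),
		"bar-2.3.tar.bz2": []byte("constructed contents of bar-2.3"),
	}
	m := BuildManifest(files)
	sig := SignManifest(priv, m)
	fmt.Println("genuine mirror:", VerifyDistfiles(pub, m, sig, files))

	// A compromised mirror swaps one distfile and rewrites its checksum line.
	// An unsigned checksum file would agree with the new tarball; the signed
	// manifest does not, because the signature no longer matches.
	evil := map[string][]byte{
		"foo-1.0.tar.gz":  []byte("modified contents"),
		"bar-2.3.tar.bz2": files["bar-2.3.tar.bz2"],
	}
	fmt.Println("rewritten checksums:", VerifyDistfiles(pub, BuildManifest(evil), sig, evil))
	// Same swap, but the original signed manifest is left untouched.
	fmt.Println("swapped distfile only:", VerifyDistfiles(pub, m, sig, evil))
}
```

The canonical encoding step is what makes a detached signature over a checksum list practical: the signer and the client must hash byte-identical text, so entry order and line format are fixed before signing. Distributing the public key with the base system (rather than from the same mirror as the distfiles) is what gives the check its value.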