Date: Sat, 21 Jun 2003 20:36:25 -0700 From: David Schultz <das@FreeBSD.org> To: Colin Percival <colin.percival@wadham.ox.ac.uk> Cc: chat@FreeBSD.org Subject: Re: Cryptographically enabled ports tree. Message-ID: <20030622033625.GA60460@HAL9000.homeunix.com> In-Reply-To: <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca> References: <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jun 22, 2003, Colin Percival wrote: > At 18:18 21/06/2003 -0700, David Schultz wrote: > >We already have MD5 checksums of each port, so all it takes is to > >have so@ sign a MAC for the entire ports tree. > > Yes, I'm sure the security officers would be delighted to login and > enter a PGP passphrase every time someone commits something to the ports > tree. ;) > > > Now doing > >something more sophistocated and seamless would be a little bit > >more effort... > > What we need is something integrated into the CVS system which rebuilds > the necessary signatures every time the ports tree is modified, and commits > those into the CVS tree. Any CVS experts around who could say how to do > this? You don't even have to do that. The tree just needs to be signed once for every release. Signing it more often requires that the key be online, which is not a good idea from a security point of view. That's why DNSSEC and other protocols that have a signature-based infrastructure allow for offline signing. I don't see why people need to update their ports tree more often than once a release. Granted, anyone who wanted to offer a (less secure) daily port tree signing service or something, they could easily do so with access to cvsup-master. (It used to be you could talk to jdp@ for this; I'm not sure who is responsible now.) Actually, I'm not sure whether cvsup's authentication is one-way or two-way, though.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030622033625.GA60460>