Date: Mon, 3 Mar 2014 09:50:05 -0600 (CST)
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: "Elias Diem" <lists@webconect.ch>
Cc: freebsd-questions@freebsd.org
Subject: Re: Cryptografically signed ISO images
Message-ID: <46383.128.135.70.2.1393861805.squirrel@cosmo.uchicago.edu>
In-Reply-To: <20140303152943.GA5696@hp-netbook.local>
References: <20140302172759.GA4728@hp-netbook.local> <20140303152943.GA5696@hp-netbook.local>

The only difference I see in general between the signature and the SHA-2 hash
is in the chain of trust. The rest (assurance that what you have resembles the
signature in one case or the SHA-2 hash in the other) is on the same level of
security. The chain of trust is different though: in the case of a pgp or gpg
signature you know the public key of the signee from some published source
(i.e. you trust that source). In the case of a SHA-2 hash you have to trust
the web site that provides the hashes, which you accomplish by verifying that
the SSL certificate the site presents is signed by a trusted authority and by
common sense (is this site related to FreeBSD, thus authoritative to provide
signatures, or not).

If someone sees mistake(s) in what I said, please let me know.

Just my 2 cents...

Valeri

On Mon, March 3, 2014 9:29 am, Elias Diem wrote:
> I wonder what might be the reason for not providing
> signatures...
>
> --
> Greetings
> Elias
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
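
The distinction drawn in the message above, as an added example that is not part of the original e-mail or of any FreeBSD tooling: both checks catch a damaged download equally, and they differ only in where the trust comes from. A Lamport one-time signature stands in for a PGP/GPG signature so the code runs on the standard library alone; the file name, image bytes and function names are constructed for illustration.

```python
import hashlib, hmac, re, secrets

def h(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signature: stdlib-only stand-in for a PGP/GPG signature.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def digest_bits(msg):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hmac.compare_digest(h(sig[i]), pk[i][bit])
        for i, bit in enumerate(digest_bits(msg)))

def checksum_file(name, image):
    # BSD-style checksum line, as published next to a download.
    return f"SHA256 ({name}) = {hashlib.sha256(image).hexdigest()}\n"

def hash_ok(name, image, sums):
    # Trust anchor: whatever channel delivered `sums` (e.g. the HTTPS site).
    m = re.search(r"^SHA256 \(%s\) = ([0-9a-f]{64})$" % re.escape(name), sums, re.M)
    return bool(m) and hmac.compare_digest(m.group(1), hashlib.sha256(image).hexdigest())

def signed_ok(pinned_pk, name, image, sums, sig):
    # Trust anchor: a public key obtained separately from the download.
    return verify(pinned_pk, sums.encode(), sig) and hash_ok(name, image, sums)

def scenarios():
    name, image = "example.iso", b"constructed image bytes"  # constructed sample
    sk, pinned_pk = keygen()
    sums = checksum_file(name, image)
    sig = sign(sk, sums.encode())
    damaged = image[:-1] + b"?"                # corrupted in transfer
    other_sk, _ = keygen()                     # a key the verifier never pinned
    swapped = b"different image bytes"         # image, sums and sig all replaced
    swapped_sums = checksum_file(name, swapped)
    swapped_sig = sign(other_sk, swapped_sums.encode())
    # Each value is (hash-only result, signature-chain result).
    return {
        "intact": (hash_ok(name, image, sums), signed_ok(pinned_pk, name, image, sums, sig)),
        "corrupted": (hash_ok(name, damaged, sums), signed_ok(pinned_pk, name, damaged, sums, sig)),
        "site_replaced": (hash_ok(name, swapped, swapped_sums),
                          signed_ok(pinned_pk, name, swapped, swapped_sums, swapped_sig)),
    }
```

Only the last scenario separates the two checks: when the checksum file arrives over the same channel as the image, it verifies whatever that channel serves, while the pinned key does not.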