From: "Valeri Galtsev"
To: "Elias Diem"
Cc: freebsd-questions@freebsd.org
Date: Mon, 3 Mar 2014 09:50:05 -0600 (CST)
Subject: Re: Cryptografically signed ISO images

The only difference I see in general between the signature and SHA-2 hash is in a chain of trust. The rest (assurance that what you have resembles the signature in one case or SHA-2 hash in the other) is on the same level of security.

Chain of trust is different though: in the case of a pgp or gpg signature you know the public key of the signee from some published source (i.e. you trust that source). In the case of a SHA-2 hash you have to trust the web site that provides the hashes, which you accomplish by verifying that the SSL certificate the site presents is signed by a trusted authority and by common sense (is this site related to FreeBSD thus authoritative to provide signatures or not).

If someone sees mistake(s) in what I said, please, let me know.

Just my 2 cents...

Valeri

On Mon, March 3, 2014 9:29 am, Elias Diem wrote:
> I wonder what might be the reason for not providing
> signatures...
>
> --
> Greetings
> Elias

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
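
Added example, not part of the original message or of any FreeBSD tooling: a checksum check for a downloaded image, showing that a matching SHA-256 only ties the image to the checksum listing, so trust still rests on how the listing was obtained. It assumes the listing uses the BSD-style "SHA256 (file) = digest" lines written by sha256(1); the file name and image bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# BSD-style line as written by sha256(1): "SHA256 (name) = <64 hex digits>"
BSD_LINE = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<digest>[0-9a-fA-F]{64})$")

def parse_checksums(text):
    """Return {filename: lowercase hex digest} from BSD-style checksum text."""
    entries = {}
    for line in text.splitlines():
        m = BSD_LINE.match(line.strip())
        if m:
            entries[m["name"]] = m["digest"].lower()
    return entries

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def matches_checksum_file(image, checksum_text):
    """True only if the image is listed and its digest equals the listed one."""
    expected = parse_checksums(checksum_text).get(Path(image).name)
    if expected is None:
        return False  # a missing entry is a failure, not a pass
    return hmac.compare_digest(sha256_file(image), expected)

def demo():
    """Constructed sample: a tiny stand-in image and its checksum listing."""
    with tempfile.TemporaryDirectory() as d:
        image = Path(d) / "example-disc1.iso"  # hypothetical file name
        image.write_bytes(b"original image bytes")
        listing = f"SHA256 ({image.name}) = {sha256_file(image)}\n"
        ok = matches_checksum_file(image, listing)
        # Image changed, listing untouched: the mismatch is detected.
        image.write_bytes(b"replaced image bytes")
        image_only = matches_checksum_file(image, listing)
        # Listing changed along with the image: the hash check passes again,
        # so the listing itself must come over verified HTTPS or be signed.
        forged = f"SHA256 ({image.name}) = {sha256_file(image)}\n"
        return ok, image_only, matches_checksum_file(image, forged)

if __name__ == "__main__":
    print(demo())
```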