From: Peter Jeremy
To: Ian G
Cc: freebsd-security@freebsd.org
Date: Mon, 28 Nov 2005 05:21:16 +1100
Subject: Re: Reflections on Trusting Trust
Message-ID: <20051127182116.GA30426@cirb503493.alcatel.com.au>
In-Reply-To: <4389D072.2030502@iang.org>
References: <20051126224530.GD27757@cirb503493.alcatel.com.au> <4389D072.2030502@iang.org>

On Sun, 2005-Nov-27 15:27:46 +0000, Ian G wrote:
>1. On the wider scope of your post I'd say that you
>did not present a need for an x.509 certificate
>that I could see.

PGP and X.509 have totally different trust models. The PGP Web of
Trust relies on each individual knowing and trusting a number of other
individuals - a newcomer or someone who is fairly isolated is unlikely
to have sufficient links to be able to fully participate. OTOH, the
X.509 model requires that the individual trust a central Authority -
which might be simpler for a newcomer. (I'm not going to get into a
debate on the reliability or reputation of current CAs).

>> - Signing ISO images with a Project key and/or certificate in addition
>>   to providing MD5 checksums.
>
>No, all you need to do is include the checksums
>in a signed announcement. In fact, that's all
>that a common digital signature does, so you'd
>have to look at why you want more digital sigs...

It's trivial to verify an announcement signature when you receive the
e-mail. Doing so afterwards can be more problematic. Yesterday, I
grabbed the (signed) 6.0-RELEASE announcement from the mailing list
archive
(http://lists.freebsd.org/pipermail/freebsd-announce/2005-November/001023.html).
Whilst the signature was still intact, the content has been changed so
the signature no longer verifies. (The changes are presumably
mechanical changes as part of its conversion from text to HTML but
undoing them would be difficult).

-- 
Peter Jeremy
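
Added example, not part of the original message: why a cleartext-signed announcement survives mail transport but not an archive's text-to-HTML conversion. The sample text is constructed, the archive transformations (HTML escaping and rewriting "@" as " at ") are assumptions for illustration, and a SHA-256 digest of the canonical text stands in for the actual signature check.

```python
import hashlib
import html


def canonical_cleartext(body: str) -> bytes:
    """Text as hashed for an OpenPGP cleartext signature (RFC 4880, section 7.1)."""
    lines = []
    for line in body.splitlines():
        if line.startswith("- "):         # undo dash-escaping
            line = line[2:]
        lines.append(line.rstrip(" \t"))  # trailing blanks are not signed
    return "\r\n".join(lines).encode("utf-8")


def digest(body: str) -> str:
    # Stand-in for signature verification: if this changes, the signature fails.
    return hashlib.sha256(canonical_cleartext(body)).hexdigest()


# Constructed sample body, not the text of the real announcement.
ORIGINAL = (
    "Checksums for the example release, listed at the end.\n"
    "Contact: Release Engineering <re@example.org>\n"
    "- -- \n"
    "MD5 (example-disc1.iso) = 00112233445566778899aabbccddeeff\n"
)


def as_received(body: str) -> str:
    """Mail transport: CRLF line endings and stray trailing spaces."""
    return "".join(line + "  \r\n" for line in body.splitlines())


def as_archived(body: str) -> str:
    """Assumed archive conversion: HTML-escape, then obscure addresses."""
    return html.escape(body, quote=False).replace("@", " at ")


def naive_undo(archived: str) -> str:
    """Best-effort reversal; cannot tell an obscured '@' from a real ' at '."""
    return html.unescape(archived).replace(" at ", "@")


if __name__ == "__main__":
    for name, text in [("received", as_received(ORIGINAL)),
                       ("archived", as_archived(ORIGINAL)),
                       ("naive undo", naive_undo(as_archived(ORIGINAL)))]:
        print(f"{name:10} verifies: {digest(text) == digest(ORIGINAL)}")
```

Publishing the checksum file with a detached signature, fetched as raw bytes, avoids depending on an archive preserving the message text.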