Les Mikesell wrote:
Ed Greshko wrote:
>
>>> I think you have no concept of public/private encryption or signing.
>>>
>> My concept is that if I can fool you into accepting a false public
>> key, I can sign packages with the matching false private key, and when
>> you install the first such package it may (probably will) include evil
>> things of some nature.
>>
>> Do you disagree? Or feel that if I can get you to run one evil package
>> I can't put in a root kit, or rend personal information from your
>> systems, or otherwise attack your system?
>>
>> If you feel that line of attack is not possible do tell me how your
>> concept of encryption and signing prevents it.
>>
> I thought you were talking "real world" as opposed to purely
> hypothetical.

I think it is a reasonable real world assumption that some users could
have their DNS compromised in a way that would make them pull packages
from somewhere other than the official repositories. Can any key
trust scenario where they have to obtain a new key protect against
installing modified packages? (i.e. assume that the fake key and
packages come from the same place(s) pretending to be the official
repositories and mirrors).

It would be very nice if someone would fully define what they mean by
the very vague term "fake key".
--
It is now 10 p.m. Do you know where Henry Kissinger is? -- Elizabeth
Carpenter