F21 Self Contained Change: Security Policy In The Installer

Eric H. Christensen sparks at fedoraproject.org
Fri Mar 14 19:00:47 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Fri, Mar 14, 2014 at 12:38:59PM -0400, Jan Lieskovsky wrote:
> > On Fri, Mar 14, 2014 at 09:25:16AM -0400, Eric H. Christensen wrote:
> > 
> > > I disagree with this assessment.  The workstation is exactly where much of
> > > this hardening needs to take place.  I can't see an installation that
> > > wouldn't benefit from this feature.
> > 
> > If there's a default policy that would make sense for most workstation
> > users, we should just make that the default.
> 
> I am afraid there isn't a default policy that would suit every possible
> use case Fedora can be used for. Yes, there's something like a "common
> understanding / agreement" on which technologies can be considered safe at
> the current level of (security) knowledge (i.e. that certain cryptographic
> algorithms should be preferred over the others, etc.)

While I agree with this we can make some obvious suggestions to users.  (See below WRT defaults.)

> > If there isn't, how are we
> > going to educate users as to which choice they should be making?
> 
> We can do the following (three alternatives come to mind):
> * use sane defaults, allow the less secure ones (if I am not wrong
>   this is the current approach),

Yeah, this doesn't happen.  Defaults generally allow dumb things to happen in the name of interoperability (someone might still be using IE 2).  I'll point to the default setup of GnuPG as a perfect example.  It defaults to SHA-1 signatures instead of SHA-2.  If someone is still running a version of PGP, OpenPGP, or GnuPG that doesn't currently support SHA-2 then you really need to upgrade (there are vulnerabilities in your version!).  I note SHA-1 signatures on most everyone's messages in spite of the known weaknesses and the advice to now use a SHA-2 hash.

> * use and enforce sane defaults (prohibiting users from using the less
>   secure ones). Not good since they might turn back,

I like prohibiting dumb things from happening but then things that JustWork(TM) will start to break since they haven't been updated since 2005.  :)

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
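As an added example (not code from the thread or from the GnuPG project), a small POSIX shell check for the SHA-1 default Eric describes: it reads the digest named in a clearsigned message's `Hash:` armor header, flags anything outside the SHA-2 family, and prints the gpg.conf lines that make GnuPG prefer SHA-2 for its own signatures. The option names are GnuPG's own; the sample messages in the usage line are constructed.

```shell
#!/bin/sh
# Added example, not part of the original thread: audit the digest algorithm of
# OpenPGP cleartext-signed messages and emit gpg.conf lines that move GnuPG off
# its SHA-1 default. Option names are real GnuPG options; file names are constructed.

# Print the digest named in the "Hash:" armor header of a clearsigned message.
# Prints "none" when no Hash header is present (the armor header block ends at
# the first blank line).
clearsign_digest() {
    awk '
        /^-----BEGIN PGP SIGNED MESSAGE-----$/ { inhdr = 1; next }
        inhdr && /^Hash: / { sub(/^Hash: /, ""); print; found = 1; exit }
        inhdr && /^$/ { exit }
        END { if (!found) print "none" }
    ' "$1"
}

# Classify a Hash header value: "ok" only if every listed digest (the header may
# be a comma-separated list) is in the SHA-2 family, otherwise "weak".
digest_strength() {
    [ -n "$1" ] || { echo weak; return; }
    for h in $(printf '%s' "$1" | tr ',' ' '); do
        case "$h" in
            SHA224|SHA256|SHA384|SHA512) ;;
            *) echo weak; return ;;
        esac
    done
    echo ok
}

# gpg.conf lines that make GnuPG prefer SHA-2 for data signatures and key
# certifications instead of the SHA-1 default discussed above.
hardened_gpg_conf() {
    cat <<'EOF'
personal-digest-preferences SHA512 SHA384 SHA256
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
EOF
}

# Usage: sh check_digest.sh message1.asc message2.asc ...  (constructed names)
for f in "$@"; do
    d=$(clearsign_digest "$f")
    printf '%s: %s (%s)\n' "$f" "$d" "$(digest_strength "$d")"
done
```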

