Secrecy and user trust

jdow jdow at
Fri Sep 5 06:56:32 UTC 2008

From: "Patrick O'Callaghan" <pocallaghan at>
Sent: Thursday, 2008, September 04 06:24

> On Wed, 2008-09-03 at 23:42 -0400, Bill Davidsen wrote:
>> Patrick O'Callaghan wrote:
>> > On Wed, 2008-09-03 at 10:30 -0400, Bill Davidsen wrote:
>> >> hardest of all find a secure way to provide the public part of the
>> >> signing key
>> >
>> > The whole point about asymmetric encryption is that you don't need a
>> > secure distribution channel. The worst that can happen is that some 
>> > fake
>> > public key gets distributed, which won't match the private key and 
>> > hence
>> > will be instantly detectable.
>> >
>> NAK - if a fake public key were distributed then packages signed with
>> the fake key would be matched, allowing full access to install crap in
>> your machine.
> True.
>> And packages signed with any valid redhat key would be
>> rejected.
> Which is what I said. Thus it would be noticed immediately.
>> The public key really must be distributed in a secure manner.
> The standard way is to use certificates, but the update process isn't
> set up for this AFAIK, and in any case certificates have to be
> signed ... I'm sure suggestions are welcome as to how to accomplish
> this.
> poc

Suppose I have NO RedHat installed. I have no working computer near
me. I want to install Fedora 9. How do I establish the ability to
subject the packages to tests for being properly signed, that the
key used in the test is correct, and that I am reading and updating
from a legitimate mirror?

If this can be done once in an initial install situation it can be done
again in an update situation using the same mechanism.


More information about the users mailing list