Secrecy and user trust

jdow jdow at earthlink.net
Fri Sep 5 06:56:32 UTC 2008


From: "Patrick O'Callaghan" <pocallaghan at gmail.com>
Sent: Thursday, 2008, September 04 06:24


> On Wed, 2008-09-03 at 23:42 -0400, Bill Davidsen wrote:
>> Patrick O'Callaghan wrote:
>> > On Wed, 2008-09-03 at 10:30 -0400, Bill Davidsen wrote:
>> >> hardest of all find a secure way to provide the public part of the
>> >> signing key
>> >
>> > The whole point about asymmetric encryption is that you don't need a
>> > secure distribution channel. The worst that can happen is that some 
>> > fake
>> > public key gets distributed, which won't match the private key and 
>> > hence
>> > will be instantly detectable.
>> >
>> NAK - if a fake public key were distributed then packages signed with
>> the fake key would be matched, allowing full access to install crap in
>> your machine.
>
> True.
>
>> And packages signed with any valid redhat key would be
>> rejected.
>
> Which is what I said. Thus it would be noticed immediately.
>
>> The public key really must be distributed in a secure manner.
>
> The standard way is to use certificates, but the update process isn't
> set up for this AFAIK, and in any case certificates have to be
> signed ... I'm sure suggestions are welcome as to how to accomplish
> this.
>
> poc

Suppose I have NO RedHat installed. I have no working computer near
me. I want to install Fedora 9. How do I establish the ability to
subject the packages to tests for being properly signed, that the
key used in the test is correct, and that I am reading and updating
from a legitimate mirror?

If this can be done once in an initial install situation it can be done
again in an update situation using the same mechanism.

{^_^} 




More information about the users mailing list