Secrecy and user trust
Les Mikesell
lesmikesell at gmail.com
Sun Sep 7 21:03:27 UTC 2008
Ed Greshko wrote:
>
>>> I think you have no concept of public/private encryption or signing.
>>>
>> My concept is that if I can fool you into accepting a false public
>> key, I can sign packages with the matching false private key, and when
>> you install the first such package it may (probably will) include evil
>> things of some nature.
>>
>> Do you disagree? Or feel that if I can get you to run one evil package
>> I can't put in a root kit, or rend personal information from your
>> systems, or otherwise attack your system?
>>
>> If you feel that line of attack is not possible do tell me how your
>> concept of encryption and signing prevents it.
>>
> I thought you were talking "real world" as opposed to purely hypothetical.
I think it is a reasonable real world assumption that some users could
have their DNS compromised in a way that would make them pull packages
from somewhere other than the official repositories. Can any key trust
scenario where they have to obtain a new key protect against installing
modified packages? (i.e. assume that the fake key and packages come from
the same place(s) pretending to be the official repositories and mirrors).
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list