Secrecy and user trust

Todd Zullinger tmz at pobox.com
Thu Sep 4 01:49:34 UTC 2008


Kevin Fenzi wrote:
> On Wed, 03 Sep 2008 10:30:39 -0400
> davidsen at tmr.com (Bill Davidsen) wrote:
[...]
>> and then hardest of all find a secure way to provide the public part
>> of the signing key. Obviously you don't risk letting someone slip in
>> a bogus NEW fake key and go around on this again.
> 
> Indeed. 
> 
> The proposed plan (that has since had a few modifications): 
> http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001627.html

Since rpm/yum don't have any method to handle a key revocation, this
process is harder than it might otherwise be.  As I understand the
plan currently, the new key will be included in an updated
fedora-release package that will be signed by the old key.  This will
make the change as transparent as possible for most users and since it
is not believed that the old key is compromised at this time, it is
reasonably secure. (Insert various caveats regarding the meaning of
"reasonably secure" and "not believed ... compromised ..." as needed.)

I presume that the new key's fingerprint and other details will be
added to https://fedoraproject.org/keys sometime soon and that can be
used by those who want a bit more verification of the new key before
trusting it.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sanity is the trademark of a weak mind.
    -- Mark Harrold
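
The out-of-band check described in the message above, as an added example that is not part of the original post: compare a key file's primary fingerprint with one the reader copied from https://fedoraproject.org/keys, and import it only on a match. The function names and the sample listing are hypothetical; it assumes GnuPG's --show-keys option and v4 (40 hex digit) fingerprints.

```shell
#!/bin/sh
# Added example: verify a key's fingerprint out of band before rpm --import.
# Constructed sample of `gpg --with-colons` output (not a real key).
SAMPLE_LISTING='pub:-:1024:17:AAAAAAAAAAAAAAAA:1220000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1220000000::::Constructed Test Key <test@example.invalid>:
sub:-:2048:16:BBBBBBBBBBBBBBBB:1220000000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Strip spaces, colons and a 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print the fingerprint of each primary key: the first "fpr" record
# (field 10) after a "pub" record. Subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key with this fingerprint.
# usage: fpr_matches EXPECTED < colon-listing
fpr_matches() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    # Reject empty input and multi-key files (a bundle could carry an extra key).
    [ -n "$found" ] || return 1
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    # Require the full fingerprint; short key IDs are not enough to compare.
    [ "${#expected}" -eq 40 ] || return 1
    [ "$(normalize_fpr "$found")" = "$expected" ]
}

# usage: import_if_verified KEYFILE EXPECTED_FINGERPRINT
import_if_verified() {
    if gpg --show-keys --with-colons "$1" | fpr_matches "$2"; then
        rpm --import "$1"
    else
        echo "fingerprint mismatch for $1; not importing" >&2
        return 1
    fi
}
```

The expected fingerprint has to come from a channel other than the package that delivered the key file, otherwise the comparison adds nothing over the old key's signature.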
