Secrecy and user trust
Anders Karlsson
anders at trudheim.co.uk
Thu Sep 4 05:37:58 UTC 2008
* Bill Davidsen <davidsen at tmr.com> [20080904 05:29]:
> Patrick O'Callaghan wrote:
>> On Wed, 2008-09-03 at 10:30 -0400, Bill Davidsen wrote:
>>> hardest of all find a secure way to provide the public part of the
>>> signing key
>>
>> The whole point about asymmetric encryption is that you don't need a
>> secure distribution channel. The worst that can happen is that some fake
>> public key gets distributed, which won't match the private key and hence
>> will be instantly detectable.
>>
> NAK - if a fake public key were distributed then packages signed with
> the fake key would be matched, allowing full access to install crap in
> your machine. And packages signed with any valid redhat key would be
> rejected.
>
> The public key really must be distributed in a secure manner.
I am sure the infrastructure team is all ears for a detailed
suggestion on how you believe this should be achieved. And with your
extensive experience in the field - you ought to be able to provide a
detailed plan of action.
It's very easy sitting at the side-line criticising, but actually
*doing* it is much harder.
IMHO - we're at the "put up or shut up" point with the criticism now.
/Anders
More information about the fedora-list
mailing list