Secrecy and user trust
Bill Davidsen
davidsen at tmr.com
Fri Sep 5 14:03:59 UTC 2008
Ed Greshko wrote:
> Patrick O'Callaghan wrote:
>> The hypothetical scenario being discussed is that you have already
>> replaced the former (good but now possibly suspect) public key with a
>> spurious new one. If that were to happen, you would be in danger of
>> accepting trojanned packages signed with this new fake key. My point is
>> that you would also *reject* packages signed with the new good key, and
>> this would be noticed very quickly (basically the next time you did an
>> update).
>>
> That is an extremely unlikely possibility as you have to generate a key
> with the same key id (fingerprint)as the original. Also, you have to
> determine how to trick all users in to replacing the original.
>
All users? This is like spam email, you only need to succeed in a few
cases to get benefit. And distributing the fingerprint assumes you can
do that securely as well.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the fedora-list
mailing list