Secrecy and user trust

Bill Davidsen davidsen at tmr.com
Fri Sep 5 14:03:59 UTC 2008


Ed Greshko wrote:
> Patrick O'Callaghan wrote:
>> The hypothetical scenario being discussed is that you have already
>> replaced the former (good but now possibly suspect) public key with a
>> spurious new one. If that were to happen, you would be in danger of
>> accepting trojanned packages signed with this new fake key. My point is
>> that you would also *reject* packages signed with the new good key, and
>> this would be noticed very quickly (basically the next time you did an
>> update).
>>   
> That is an extremely unlikely possibility as you have to generate a key
> with the same key id (fingerprint)as the original.  Also, you have to
> determine how to trick all users in to replacing the original. 
> 

All users? This is like spam email, you only need to succeed in a few 
cases to get benefit. And distributing the fingerprint assumes you can 
do that securely as well.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot




More information about the fedora-list mailing list