Re: Secrecy and user trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
Subject: Re: Secrecy and user trust
From: Bill Davidsen <davidsen@xxxxxxx>
Date: Wed, 03 Sep 2008 23:42:54 -0400
In-reply-to: <1220467367.10774.12.camel@xxxxxxxxxxxxxxxxxx>
References: <48BD6B95.9030401@xxxxxxx> <544eb990809020927i313cba2bnf449e6737e67728e@xxxxxxxxxxxxxx> <48BD6CE5.3060303@xxxxxxxxx> <544eb990809020951o5270a862n461d2fb4f5c78f27@xxxxxxxxxxxxxx> <48BD7C8E.9050505@xxxxxxx> <20080902135544.4sgel1t94c0sco84-zeznkk@xxxxxxxxxxxxxxxxxxx> <48BDA778.3020002@xxxxxxxxx> <20080902210444.GE3924@xxxxxxxxxxxxxxxxxxxxx> <g9m66m$mae$1@xxxxxxxxxxxxx> <1220467367.10774.12.camel@xxxxxxxxxxxxxxxxxx>
Reply-to: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061105 SeaMonkey/1.0.6

Patrick O'Callaghan wrote:

On Wed, 2008-09-03 at 10:30 -0400, Bill Davidsen wrote:

hardest of all find a secure way to provide the public part of thesigning key


The whole point about asymmetric encryption is that you don't need a
secure distribution channel. The worst that can happen is that some fake
public key gets distributed, which won't match the private key and hence
will be instantly detectable.

NAK - if a fake public key were distributed then packages signed withthe fake key would be matched, allowing full access to install crap inyour machine. And packages signed with any valid redhat key would berejected.


The public key really must be distributed in a secure manner.

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Follow-Ups:
- Re: Secrecy and user trust
  - From: Aldo Foot
- Re: Secrecy and user trust
  - From: Patrick O'Callaghan
- Re: Secrecy and user trust
  - From: Anders Karlsson

References:
- Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Bill Crawford
- Re: Secrecy and user trust
  - From: Les Mikesell
- Re: Secrecy and user trust
  - From: Bill Crawford
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: John Aldrich
- Re: Secrecy and user trust
  - From: Travis Arnold
- Re: Secrecy and user trust
  - From: Anders Karlsson
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Patrick O'Callaghan

Prev by Date: Re: InDependance
Next by Date: Re: InDependance
Previous by thread: Re: Secrecy and user trust
Next by thread: Re: Secrecy and user trust
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux