From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx>
Sent: Thursday, 2008, September 04 06:24
On Wed, 2008-09-03 at 23:42 -0400, Bill Davidsen wrote:
Patrick O'Callaghan wrote:
> On Wed, 2008-09-03 at 10:30 -0400, Bill Davidsen wrote:
>> hardest of all find a secure way to provide the public part of the
>> signing key
>
> The whole point about asymmetric encryption is that you don't need a
> secure distribution channel. The worst that can happen is that some
> fake
> public key gets distributed, which won't match the private key and
> hence
> will be instantly detectable.
>
NAK - if a fake public key were distributed then packages signed with
the fake key would be matched, allowing full access to install crap in
your machine.
True.
And packages signed with any valid redhat key would be
rejected.
Which is what I said. Thus it would be noticed immediately.
The public key really must be distributed in a secure manner.
The standard way is to use certificates, but the update process isn't
set up for this AFAIK, and in any case certificates have to be
signed ... I'm sure suggestions are welcome as to how to accomplish
this.
poc
Suppose I have NO RedHat installed. I have no working computer near
me. I want to install Fedora 9. How do I establish the ability to
subject the packages to tests for being properly signed, that the
key used in the test is correct, and that I am reading and updating
from a legitimate mirror?
If this can be done once in an initial install situation it can be done
again in an update situation using the same mechanism.
{^_^}
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines