Jeff Spaleta wrote, On 09/04/2008 07:22 PM:
A really long email, read it here:
https://www.redhat.com/archives/fedora-list/2008-September/msg00523.html
0) Although it has been stated that the old fedora key's pass phrase was not
used during the exposure, it is intimated that the soft version of the private
key was available on the machine and could have been copied by the 'agent'.
I, and I believe Bill & Bruno, see this as Someone other than authorized
Fedora representatives have opportunity to have the pass phrase protected
private key, and time to beat on the pass phrase, which means to us the key IS
compromised.
You and a few others, give the appearance that this means nothing.
1) we agree that the best web of trust is generated when ALL of the parties
have physically met and verified each other, i.e., 1 meeting for every public
key I have, granted that's not a web.
2) we apparently do not agree that
(Assuming I like the way A and C verify the folks they sign for.)
if I met A and C and exchanged keys with them, and I get a public key for B
that was signed by A and C in an email from B, then I can trust the key to be
from B, and after some getting to know B, I might even be sane in accepting a
key for D that was signed by B who I have still never met in person.
3) you apparently believe that RPM must be able to directly use these signatures.
I believe The extra signatures are for USERS to VERIFY _before_ feeding the
DATA of the KEY to RPM.
Do I believe in our current climate (crypto education level) that a large
percentage of Fedora users will take advantage of this out of band data? NO.
Will a reasonable percentage of those who need to use fedora (think support
for new hardware or and algorithms not yet in RHEL), and are supposed to use
due care|diligence in their job, take advantage of this out of band data? I
believe the answer to be YES.
4) So far the only signature on 0X4F2A6FD2 (the old key) that I have _some_
trust in is from 0xDB42A60E.
5) we both agree that a key that is JUST signed by random internet users who
were not given the key data securely from the physical machine to be of little
to no value.
However I may be under the mistaken idea that a few of the folks who
are community members, actually work and live very near Red Hat's brick and
mortar location. And I could be under the further mistaken idea that a subset
of those might actually be willing to make the trip to get the key and begin
the web.
BTW, I consider many of the Red Hat employees to be part of the Fedora community.
6) you and apparently disagree that OUT OF BAND conformation of data has
value. Where in band would be a signature RPM could use.
7) I believe communicating on this list and suggesting that I would like to
see out of band data created, counts as 'talking' to some of the 3rd parties I
would like to see sign the data. It appears in your message that you do not.
8) to answer the question of "Who should be the first to sign the key?":
SOME ENTITY IS USING THE NEW KEY TO SIGN NEW PACKAGES... CORRECT?
https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01310.html
That entity would be the logical choice for _one_ of the first signatures
placed on the public key, even if _I_ don't have them as an ultimately trusted
source.
9) RE:
> At best we could maybe get the release engineering people who have
> direct access to the key to create detached signatures, <SNIP>
> Are those people in your web of trust?
Not sure, funny thing about a web of trust, a person knows a couple of other
folks and they intern know a few folks...
Oh and there the, very near the signing machine, persona of
<security@xxxxxxxxxx> and <secalert@xxxxxxxxxx> which are probably already
fairly protected by the policies of the company standing behind them.
10) RE:
> We don't have
> a compelling reason to distribute those detached signatures as part of
> the fedora-release package which will contain the key.
Note that the only detached signatures which I ever suggest should be
distributed with the fedora-release package were of a Fedora master key
persona that does not YET exist.
Think about "PKI" a little bit,
is "GTE CyberTrust Global Root" Serial Number 01:A5 a person?
is "Akamai Subordinate CA 3" Serial Number 04:00:04:03 a person?
is "www.redhat.com" Serial Number 01:00:00:00:00:01:17:6B:14:92:65 a person?
we both know the answer is NO to all the above, and we both know that for the
persona "Akamai Subordinate CA 3" and the persona "GTE CyberTrust Global Root"
ultimately a (probably trust-able) person enters appropriate data under
appropriate rules to make the key available for the encryption system to sign
other data.
And we both trust it every time we go to https://www.redhat.com/archives/fedora-*
I am asking that the fedora project create a 'root' that will be protected
appropriately so it can be ultimately trusted into the future, so the PROJECT
can vouch for any other NEW keys they HAVE to distribute, so that the new key
can be trusted AS SOON as it is made available. And I am proposing
that it will, by the time it is needed, be trusted much as the keys we have
for <security@xxxxxxxxxx> and <secalert@xxxxxxxxxx>, i.e., some have chains
that go to the source, others will trust based on age and lack of complaints.
BTW infrastructure folks and J. Keating, I think you have been doing the best
job possible. What you see in this message is my attempt at a discussion
mostly over policy.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines