Bill Davidsen wrote: > Ed Greshko wrote: >> Bill Davidsen wrote: >>> Ed Greshko wrote: >>>> Patrick O'Callaghan wrote: >>>>> The hypothetical scenario being discussed is that you have already >>>>> replaced the former (good but now possibly suspect) public key with a >>>>> spurious new one. If that were to happen, you would be in danger of >>>>> accepting trojanned packages signed with this new fake key. My >>>>> point is >>>>> that you would also *reject* packages signed with the new good >>>>> key, and >>>>> this would be noticed very quickly (basically the next time you >>>>> did an >>>>> update). >>>>> >>>> That is an extremely unlikely possibility as you have to generate a >>>> key >>>> with the same key id (fingerprint)as the original. Also, you have to >>>> determine how to trick all users in to replacing the original. >>> All users? This is like spam email, you only need to succeed in a few >>> cases to get benefit. And distributing the fingerprint assumes you can >>> do that securely as well. >>> >> I think you have no concept of public/private encryption or signing. >> > My concept is that if I can fool you into accepting a false public > key, I can sign packages with the matching false private key, and when > you install the first such package it may (probably will) include evil > things of some nature. > > Do you disagree? Or feel that if I can get you to run one evil package > I can't put in a root kit, or rend personal information from your > systems, or otherwise attack your system? > > If you feel that line of attack is not possible do tell me how your > concept of encryption and signing prevents it. > I thought you were talking "real world" as opposed to purely hypothetical. -- "I am your density." -- George McFly in "Back to the Future" -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines