Ed Greshko wrote:
> It would be very nice if someone would fully define what they mean by
> the very vague term "fake key".

I think most of us would mean a key created by someone not part of the
Fedora project, and which is intended to convince users that it is, in
fact, a key created and distributed by the Fedora project and used to
sign official releases.

I speak only for me, of course.

> And along with that, define the method used to distribute said key in a
> manner that would be oblivious to all end users. It has to be
> oblivious to all end users such that nobody would be able to raise an
> alarm in a reasonable amount of time.

Here we disagree. That's like saying that spam has to fool all readers
to be worth doing. If an unauthorized key is used to cause users to
install unauthorized software, then it has achieved its purpose. Note
that the purpose is yet unclear, and may not exist, but once such an
install takes place it could do any or all of the following:
- steal information from a user system
- use the user system to run untrusted executables (of any kind)
- damage the reputation of Fedora and Red Hat
- damage the reputation and user trust of Linux in general
  for the purpose of reducing use of Linux vs. other operating systems

I rate the first two as likely, the third as a possible effect even if
unintended, and the last as another possible effect, which might be
intended.

> If the public/private key methods employed today are as easy to
> penetrate and subvert as some seem to be claiming then one has to
> question why it hasn't already been done.

It has already been proved to be possible, so discussion of how easy it
is or why is irrelevant, at least to me.

The new public key could be distributed from the master Red Hat servers,
not from mirrors, which would allow validation of the content by the
validity of the SSL certificate. Once a trusted signature is available,
all other packages, from mirror or torrent, could be properly validated.
While this is inconvenient, it is also as secure as the original, and
not readily vulnerable to attacks in the distribution, since middlemen
are not involved. And once the key is out for a few days, and many users
have it and can quickly compare it to any other key distributed by other
means, then it can be sent out in a more convenient manner if people
really feel the need to trade some security for ease of use.

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot