Re: Secrecy and user trust

Ed Greshko wrote:
> It would be very nice if someone would fully define what they mean by
> the very vague term "fake key".

I think most of us would mean a key created by someone not part of the Fedora project, and which is intended to convince users that it is, in fact, a key created and distributed by the Fedora project and used to sign official releases.

I speak only for me, of course.

> And along with that, define the method used to distribute said key in a
> manner that would be oblivious to the all end users.  It has to be
> oblivious to all end users such that nobody would be able to raise an
> alarm in a reasonable amount of time.

Here we disagree. That's like saying that spam has to fool all readers to be worth doing. If an unauthorized key is used to cause users to install unauthorized software, then it has achieved its purpose. Note that the purpose is yet unclear, and may not exist, but once such an install takes place it could do any or all of the following:
- steal information from a user system
- use the user system to run untrusted executables (of any kind)
- damage the reputation of Fedora and Red Hat
- damage the reputation and user trust of Linux in general
  for the purpose of reducing use of Linux vs. other operating systems

I rate the first two as likely, the third as a possible effect even if unintended, and the last as another possible effect, which might be intended.

> If the public/private key methods employed today are as easy to
> penetrate and subvert as some seem to be claiming then one has to
> question why it hasn't already been done.

It has already been proved to be possible, so discussion of how easy it is or why is irrelevant, at least to me.

The new public key could be distributed from the master Red Hat servers, not from mirrors, which would allow validation of the content by the validity of the SSL certificate. Once a trusted signature is available, all other packages, from mirror or torrent, could be properly validated.

While this is inconvenient, it is also as secure as the original, and not readily vulnerable to attacks in the distribution, since middlemen are not involved. And once the key is out for a few days, and many users have it and can quickly compare it to any other key distributed by other means, then it can be sent out in a more convenient manner if people really feel the need to trade some security for ease of use.

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
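
The fingerprint comparison described in the message above, sketched as an added example that is not part of the original post or any Fedora tooling: it computes the OpenPGP v4 fingerprint of the key copy fetched over HTTPS and flags any copy from another channel that differs. It assumes binary (de-armored) v4 keys with an old-format packet header; the function names and the sample keys are constructed for illustration.

```python
import hashlib
import struct

def public_key_body(keydata: bytes) -> bytes:
    """Return the body of the leading old-format public-key packet (RFC 4880, 4.2)."""
    header = keydata[0]
    if header & 0xC0 != 0x80 or (header >> 2) & 0x0F != 6:
        raise ValueError("not an old-format public-key packet")
    length_type = header & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length not supported")
    size = 1 << length_type  # 1, 2 or 4 length octets
    length = int.from_bytes(keydata[1:1 + size], "big")
    body = keydata[1 + size:1 + size + length]
    if len(body) != length or body[:1] != b"\x04":
        raise ValueError("truncated packet or not a version 4 key")
    return body

def v4_fingerprint(keydata: bytes) -> str:
    """RFC 4880, 12.2: SHA-1 over 0x99, a two-octet length, then the packet body."""
    body = public_key_body(keydata)
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()

def mismatched_copies(trusted_copy: bytes, other_copies: dict) -> list:
    """Names of sources whose key does not match the copy fetched over HTTPS."""
    trusted = v4_fingerprint(trusted_copy)
    return sorted(name for name, data in other_copies.items()
                  if v4_fingerprint(data) != trusted)

def make_sample_key(modulus: bytes) -> bytes:
    """Constructed test data: a v4 RSA public-key packet, not a real Fedora key."""
    def mpi(raw: bytes) -> bytes:
        return struct.pack(">H", int.from_bytes(raw, "big").bit_length()) + raw
    body = (b"\x04" + struct.pack(">I", 1200000000) + b"\x01"
            + mpi(modulus) + mpi(b"\x01\x00\x01"))
    return b"\x99" + struct.pack(">H", len(body)) + body

OFFICIAL = make_sample_key(b"\xc3" * 32)   # stands in for the HTTPS download
FORGED = make_sample_key(b"\xc5" * 32)     # stands in for a substituted key
COPIES = {"mirror-a": OFFICIAL, "torrent": OFFICIAL, "mirror-b": FORGED}

if __name__ == "__main__":
    print("trusted fingerprint:", v4_fingerprint(OFFICIAL))
    print("sources to reject:", mismatched_copies(OFFICIAL, COPIES))
```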