Re: Secrecy and user trust


 



Ed Greshko wrote:
Bill Davidsen wrote:


If the public/private key methods employed today are as easy to
penetrate and subvert as some seem to be claiming then one has to
question why it hasn't already been done.

It has already been proved to be possible, so discussion of how easy
it is or way is irrelevant, at least to me.
???  It has?  So, what was done?  Was the signing key of Fedora
compromised?  Was a replacement key public key generated and
distributed? Were packages signed by the replacement key distributed?
What was "proven".

What was done was to breach security to the extent that new keys are prudent, and in a way that may not be quantifiable. The action on the RHEL side indicates that a bogus ssh package may have been distributed. I encourage you to read the announcements and see if my interpretation is not correct. A new ssh package was released "just in case," which is good procedure.

The new public key could be distributed from the master Red Hat
servers, not from mirrors, which would allow validation of the content
by the validity of the SSL certificate. Once a trusted signature is
available, all other packages, from mirror or torrent, could be
properly validated.
"Could"...how?

Sorry, I thought you understood how signing works. Once a user has a trusted "new" public key, it can be used to check the signing on any new packages. The current distribution has the ability to do this, limited by the correctness of the public key.

Note that if your system is compromised, this isn't going to be safe, many things could be faking correct operation. You can go back to the original install media and start over depending on your evaluation of exposure. Since Fedora hasn't provided a date before which packages were known to be trusted, I can't say if any updates past the install media are safe, but since they are still available I assume that's the case.

While this is inconvenient, it is also as secure as the original, and
not readily vulnerable to attacks in the distribution, since middlemen
are not involved. And once the key is out for a few days, and many
users have it and can quickly compare it to any other key distributed
by other means, then it can be sent out in a more convenient manner if
people really feel the need to trade some security for ease of use.

A whole bunch of people are wringing their hands over nothing.  I
suppose if you want to continue doing that that is your choice.

Do you personally warrant that there is no problem, and that you will make good any damage if you're wrong, and that you have the resources to do so? Didn't think so, so it isn't nothing, it's a low probability risk which can be reduced by securely distributing the new public key.

The strange thing is that none of this would have come up if the
servers of Fedora hadn't been penetrated by some method which nobody on
this list is privy to...but can spend endless hours on idle speculation
and fear mongering.
[WOT comment] I suspect that those fear peddlers, if located in the US,
will also be voting for the Republican candidate.  :-)



--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
