gnu-arch-users

Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch


From: Robert Collins
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Mon, 08 Dec 2003 08:33:46 +1100

On Mon, 2003-12-08 at 08:12, Karel Gardas wrote:
> > `get' doesn't check signatures in this proposal.  My reasoning is that
> > while the archive host is going to have public keys (somewhere outside
> > of where arch itself can touch them) clients running `get' generally
> > won't.
> 
> Oops, either I don't understand, or if I understand, that's IMHO no
> security at all. IMHO get _needs_ to verify signatures.

The immediate goal for GPG support is to allow archive integrity checks
post-server-compromise - see the message from RMS in Tom's post.

Thus, having tla get check the signatures is orthogonal to the immediate
goal.

That said, having get check the signatures makes sense as a phase 2
implementation.

For users wanting to gpg check in phase 1, it's easy: archive-mirror to
the local disk, with copying signatures enabled. Then run the integrity
checking script Tom proposed.

Rob
-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Attachment: signature.asc
Description: This is a digitally signed message part

