Re: Secrecy and user trust


 



Ed Greshko wrote:


I think you have no concept of public/private encryption or signing.

My concept is that if I can fool you into accepting a false public
key, I can sign packages with the matching false private key, and when
you install the first such package it may (probably will) include evil
things of some nature.

Do you disagree? Or feel that if I can get you to run one evil package
I can't put in a root kit, or rend personal information from your
systems, or otherwise attack your system?

If you feel that line of attack is not possible do tell me how your
concept of encryption and signing prevents it.

I thought you were talking "real world" as opposed to purely hypothetical.

I think it is a reasonable real world assumption that some users could have their DNS compromised in a way that would make them pull packages from somewhere other than the official repositories. Can any key trust scenario where they have to obtain a new key protect against installing modified packages? (i.e. assume that the fake key and packages come from the same place(s) pretending to be the official repositories and mirrors).

--
  Les Mikesell
   lesmikesell@xxxxxxxxx




--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines