Re: Secrecy and user trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ed Greshko wrote:
Ed Greshko wrote:
It would be very nice if someone would fully define what they mean by
the very vague term "fake key".


In this context it would one that a user would install that was not the one officially created for the packages in the fedora repository.

And along with that, define the method used to distribute said key in a
manner that would be oblivious to the all end users.

It doesn't have to fool all the end users, just you. Or someone with content worth stealing, or on a network worth penetrating.

It has to be
oblivious to all end users such that nobody would be able to raise an
alarm in a reasonable amount of time.

What's a reasonable amount of time? A victim would notice if/when they manage to get an official RPM that the key doesn't match (unless their subverted packages remove the check) and might or might not do something besides import the correct key.

If the public/private key methods employed today are as easy to
penetrate and subvert as some seem to be claiming then one has to
question why  it hasn't already been done.

It's not easy to fool everyone. The question is whether there is a way to start from scratch so you can't fool anyone.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux