[Yum] yum's awesome, ideas

On Wed, 2003-07-30 at 15:22, seth vidal wrote:
> well if it's going to import the key for you what's the point of having
> it on? an attacker can just trojan the key, right?
> 
> I could definitely see a point in having a default key listed that yum
> will import if it can - but how do you do that safely?

Well, if you want to be completely secure, then yeah, you have to follow
the usual public key crypto guidelines. Either get the key directly from
the source, over a 100% secure connection or get the key signed by a
party already in your trust ring. I think both aren't very feasible for
the average user/organization. The process needs to be bootstrapped
somehow -- perhaps a key server, but then that could be spoofed too.

But I guess RH decided to compromise, in the name of user friendliness,
as this is exactly what up2date does. Of course up2date only talks to
their servers so unless spoofed, a mismatched key would be soon
discovered.

-- 
// Aleksander.Demko@xxxxxxxxxxxxxx ademko@xxxxxx scopira.org //



