On Wed, 2003-07-30 at 16:48, Aleksander Demko wrote:
> On Wed, 2003-07-30 at 15:22, seth vidal wrote:
> > well if it's going to import the key for you what's the point of having
> > it on? an attacker can just trojan the key, right?
> >
> > I could definitely see a point in having a default key listed that yum
> > will import if it can - but how do you do that safely?
>
> Well, if you want to be completely secure, then yeah, you have to follow
> the usual public key crypto guidelines. Either get the key directly from
> the source, over a 100% secure connection or get the key signed by a
> party already in your trust ring. I think both aren't very feasible for
> the average user/organization. The process needs to be bootstrapped
> somehow -- perhaps a key server, but then that could be spoofed too.
>
> But I guess RH decided to compromise, in the name of user friendliness,
> as this is exactly what up2date does. Of course up2date only talks to
> their servers so unless spoofed, a mis-matched key would be soon
> discovered.

Well it's not so much I want to be 'completely secure' - there is no such thing - I just want to be relatively sanely secure. what that entails I'm not certain of - so until I find an answer I'm comfy with I'd rather not give people a by-default false sense of security and raise the difficulty of getting started.

-sv