On Fri, Jan 07, 2005 at 01:25:25PM +0100, Ralf Ertzinger wrote:
> Hi.
>
> Jay Turner <jkt@xxxxxxxxxx> wrote:
>
> > Security. It's generally a good idea to validate that the key you're
> > adding to the keyring is really the one that you think it is, and if
> > this keyring addition were done automatically, then someone could switch
> > out the keys, thus a malicious key would be automatically added to the
> > keyring. Things start to go downhill from that point.
>
> Well, I generally have to trust the media I install from anyway, so what
> is the point in treating a single file different from all the others?

There's a hierarchy there. Step 1 is validating that the signing key you have indeed came from the source you think it did (in this case Red Hat.) Once you establish that it's a known entity, then all of the packages on the Red Hat media (be it RHEL or Fedora) are signed with that key, so at that point you know that all of the packages originated from Red Hat as well (or the Fedora project in the case of Fedora.) So you don't "have to trust the media [you] install from anyway" as that content can be verified just as the key itself can.

A good analogy would be your house/apartment/flat. In order to be secure, you more than likely make sure that the windows and exterior doors of the place are secure, and not bother to secure all of the interior doors as well. That's because if a thief can't get through the exterior protection, there's no reason to worry about him getting through the interior protection.

Same thing with the software. If you know that the key that signed all of the packages is "good", and you know that all of the packages are signed with the "good" key, then you know that all of the software resulting from that install is also "good" (from a trusted standpoint.)

- jkt

--
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*
Jay Turner, QA Technical Lead jkt@xxxxxxxxxx
Red Hat, Inc.
If I had only known, I would have been a locksmith. - Albert Einstein
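
Added example, not part of the original message and not Red Hat's own tooling: the hierarchy described above as a script that refuses to import a signing key unless its fingerprint matches one obtained out of band, and only then checks packages. The function names and the argument order (key file, expected fingerprint, packages) are assumptions, as is the 40-hex-digit (v4) fingerprint format.

```shell
#!/bin/sh
# Added example: pin the signing key by fingerprint before trusting it.
# The expected fingerprint must come from a channel other than the install
# media; no real vendor fingerprint is hard-coded here.

# Normalise a fingerprint: drop spaces and colons, upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ' :\n\t' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both values are the same full 40-hex-digit fingerprint.
# Short key IDs are rejected because they are not unique enough to pin on.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Read the primary key's fingerprint from a key file without importing it.
key_file_fp() {
    gpg --batch --with-colons --import-options show-only --import "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 1: verify the key. Step 2: import it. Step 3: check packages against it.
import_and_check() {
    keyfile=$1; expected=$2; shift 2
    actual=$(key_file_fp "$keyfile")
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch for $keyfile: got '$actual'" >&2
        return 1
    fi
    rpm --import "$keyfile" || return 1
    for pkg in "$@"; do
        # The exit status also passes digest-only packages; read the output.
        rpm -K "$pkg" || return 1
    done
}

# Usage: script KEYFILE EXPECTED_FINGERPRINT [PACKAGE.rpm ...]
if [ "$#" -ge 2 ]; then
    import_and_check "$@"
fi
```

rpm -K exits 0 for an unsigned package whose digests are intact, so confirm that its output reports a signature result before treating a package as covered by the imported key.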