Martin Sehnoutka wrote:
> This system has other advantages as well:
> * it can automatically install keys for 3rd party repos and verify
> them using the DNSSEC trust anchor which is preinstalled on the system

RPM Fusion is an example of such a third-party repo. To use packages from RPM Fusion you'll first manually download and install the rpmfusion-free-release package, which contains the repo files and keys.

Suppose a bad guy has somehow tricked you into downloading a malicious version of rpmfusion-free-release. The package is signed by brad.guy@malicious.example, and the key is published in the domain malicious.example. All the DNSSEC signatures are in perfect order, so you can be quite sure that the key really does belong to brad.guy@malicious.example. Do you trust Brad? Should you install the package?

Obviously we want a package signed by an attacker to fail the verification. Section 3 of your thesis describes how the modified DNF uses DNSSEC to verify that the key is valid for the stated email address, but I don't see anything about how it decides whether the email address is correct for the repository, or whether the person behind that email address is trusted. You state that the DNS server isn't necessarily in the same domain as the repository, so it's not as simple as comparing the domain names. Could you explain how the email address is validated?

Björn Persson
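The distinction Björn draws, that a DNSSEC-validated key lookup answers "does this key belong to this address?" but not "is this address allowed to sign for this repository?", can be made concrete with a small model. The following is an added example written for this thread; it is not code from the thesis, from DNF, or from the message above. The OPENPGPKEY owner-name construction follows RFC 7929 (SHA-256 of the local part, truncated to 28 octets, under `_openpgpkey.<domain>`), but the DNS answers, fingerprints, addresses and the repo-to-signer policy table are all constructed stand-ins, and `REPO_SIGNER_POLICY` is a hypothetical local authorization source that the thesis would have to supply in some form.

```python
"""Identity versus authorization when verifying repo keys via DNSSEC.

Two separate questions are modelled and kept apart:
  1. identity: does this OpenPGP key belong to user@domain?
     (what a DNSSEC-validated OPENPGPKEY lookup can answer)
  2. authorization: is user@domain allowed to sign packages for this repo?
     (what only a local policy can answer; DNSSEC says nothing about it)
"""
from dataclasses import dataclass
import hashlib


def openpgpkey_owner_name(email: str) -> str:
    """Owner name of the OPENPGPKEY record for an address, per RFC 7929:
    sha256(local-part), truncated to 28 octets, as hex, under _openpgpkey."""
    local, domain = email.rsplit("@", 1)
    digest = hashlib.sha256(local.encode("utf-8")).hexdigest()[:56]
    return f"{digest}._openpgpkey.{domain}"


# Constructed stand-in for DNSSEC-validated answers: maps the OPENPGPKEY
# owner name to the key fingerprint the zone publishes. Both zones here
# are signed and valid; the attacker controls malicious.example, so its
# answer is just as "correct" as the legitimate one.
DNS_PUBLISHED_KEYS = {
    openpgpkey_owner_name("packager@rpmfusion.example"): "FPR-RPMFUSION-0001",
    openpgpkey_owner_name("brad.guy@malicious.example"): "FPR-MALICIOUS-0001",
}

# Hypothetical local policy: which signer identity each repository is
# expected to use. This is the piece DNSSEC cannot provide.
REPO_SIGNER_POLICY = {
    "rpmfusion-free": "packager@rpmfusion.example",
}


@dataclass(frozen=True)
class Package:
    name: str
    repo: str               # repository the package claims to come from
    signer_email: str       # UID on the signing key
    signer_fingerprint: str # fingerprint of the key that made the signature


def key_belongs_to(email: str, fingerprint: str) -> bool:
    """Identity check only: the validated zone says this key is email's."""
    return DNS_PUBLISHED_KEYS.get(openpgpkey_owner_name(email)) == fingerprint


def dnssec_only_verify(pkg: Package) -> bool:
    """Accept if the signing key is bound to the signer address by DNSSEC.
    This is the check the message questions: it passes for any attacker
    who publishes their own key in a zone they control."""
    return key_belongs_to(pkg.signer_email, pkg.signer_fingerprint)


def policy_verify(pkg: Package) -> bool:
    """Accept only if the repo's policy names this signer AND DNSSEC binds
    the key to that signer. Unknown repos and unexpected signers fail closed."""
    expected = REPO_SIGNER_POLICY.get(pkg.repo)
    if expected is None or pkg.signer_email != expected:
        return False
    return key_belongs_to(pkg.signer_email, pkg.signer_fingerprint)


# Constructed sample packages.
GOOD_PKG = Package("rpmfusion-free-release", "rpmfusion-free",
                   "packager@rpmfusion.example", "FPR-RPMFUSION-0001")
MALICIOUS_PKG = Package("rpmfusion-free-release", "rpmfusion-free",
                        "brad.guy@malicious.example", "FPR-MALICIOUS-0001")
TAMPERED_PKG = Package("rpmfusion-free-release", "rpmfusion-free",
                       "packager@rpmfusion.example", "FPR-NOT-IN-DNS")


if __name__ == "__main__":
    for pkg in (GOOD_PKG, MALICIOUS_PKG, TAMPERED_PKG):
        print(pkg.signer_email,
              "dnssec_only:", dnssec_only_verify(pkg),
              "with_policy:", policy_verify(pkg))
```

Run stand-alone, the malicious package passes `dnssec_only_verify` (Brad's key really is Brad's) and fails `policy_verify`; the tampered package fails both because no validated zone vouches for its fingerprint. Whatever replaces `REPO_SIGNER_POLICY` in a real design, some authenticated statement of "this repository is signed by this identity" has to exist outside the signer's own DNS zone, which is exactly the question put to the thesis.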
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure