On Oct 9, 2008, at 12:00 PM, Lev Lvovsky wrote:
> thank you *Jeff*!
>
> The first response in the link provided just seemed a little off-base to me. There's nothing intrinsically more secure about me typing in some passphrase vs. an automated procedure just skipping the step - AFAIK, GPG is used to provide file signature verification (along with md5 and whatever other hash algo. is employed). But it's also used to verify the entity that the RPM came from - an identity which the installer chooses to trust, passphrase notwithstanding. Am I missing something there?
There are two issues that you are attaching to signing:
1) Point of origin
2) untampered guarantee
They are really separate issues.
FWIW, RPMTAG_COOKIE was rpm's attempt to pin down origin
sufficiently well. That string has the fully qualified host name as
well as a time stamp.
Yes both DNS and time can be wrong or maliciously tampered with.
Yes there is information leakage of build system internals through
RPMTAG_COOKIE too.
But RPMTAG_COOKIE could be used to split point-of-origin from
untampered if some other content were supplied there instead.
And if anyone knows a signing algorithm that does not require a pubkey distribution framework in order for the end user to verify integrity, I'll be happy to just automate the integrity signing within rpmbuild everywhere and always.
> I'll check out keyutils - thank you very much for your help Jeff!
Note that keyutils also has a way to provide an asynchronous callback, with negative "NOKEY" return caching to avoid pointless overhead.
keyutils == nice stuff
73 de Jeff
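As an added illustration of the RPMTAG_COOKIE point above (example code written for this page, not rpm's own code or either poster's): a small in-memory rpm header is constructed, parsed the way rpm lays out header index entries, and the cookie's host and timestamp are cross-checked against RPMTAG_BUILDHOST and RPMTAG_BUILDTIME. A mismatch shows the header was rebuilt or edited after the cookie was written; it is an integrity signal only and says nothing about who the origin is, which is exactly the split between the two issues discussed above. It assumes the cookie layout is "<fqdn> <epoch seconds>", as rpmbuild has written it.

```python
import struct

# Tag numbers and type codes from rpm's header format.
RPMTAG_BUILDTIME, RPMTAG_BUILDHOST, RPMTAG_COOKIE = 1006, 1007, 1094
RPM_INT32_TYPE, RPM_STRING_TYPE = 4, 6
HEADER_MAGIC = b"\x8e\xad\xe8\x01\x00\x00\x00\x00"  # magic + reserved


def build_header(entries):
    """Serialise {tag: (type, value)} into an rpm header section:
    lead, big-endian index entries, then the data store. This is
    constructed test input, not a real package."""
    index, data = b"", b""
    for tag, (typ, value) in sorted(entries.items()):
        if typ == RPM_INT32_TYPE:
            data += b"\0" * (-len(data) % 4)  # int32 data is 4-byte aligned
            blob = struct.pack(">i", value)
        else:
            blob = value.encode() + b"\0"       # strings are NUL-terminated
        index += struct.pack(">iiii", tag, typ, len(data), 1)
        data += blob
    return HEADER_MAGIC + struct.pack(">ii", len(entries), len(data)) + index + data


def parse_header(buf):
    """Read back the tags we care about from a header section."""
    if buf[:8] != HEADER_MAGIC:
        raise ValueError("not an rpm header")
    nindex, hsize = struct.unpack(">ii", buf[8:16])
    store = buf[16 + 16 * nindex:16 + 16 * nindex + hsize]
    tags = {}
    for i in range(nindex):
        tag, typ, off, _count = struct.unpack(">iiii", buf[16 + 16 * i:32 + 16 * i])
        if typ == RPM_INT32_TYPE:
            tags[tag] = struct.unpack(">i", store[off:off + 4])[0]
        elif typ == RPM_STRING_TYPE:
            tags[tag] = store[off:store.index(b"\0", off)].decode()
    return tags


def cookie_consistent(tags):
    """Split RPMTAG_COOKIE into host and timestamp and compare them with
    RPMTAG_BUILDHOST / RPMTAG_BUILDTIME. Assumed layout: '<fqdn> <epoch>'."""
    host, _, stamp = tags.get(RPMTAG_COOKIE, "").partition(" ")
    return (host == tags.get(RPMTAG_BUILDHOST)
            and stamp.isdigit() and int(stamp) == tags.get(RPMTAG_BUILDTIME))


if __name__ == "__main__":
    # Constructed sample: host and epoch value are made up for the demo.
    h = build_header({RPMTAG_BUILDTIME: (RPM_INT32_TYPE, 1223553600),
                      RPMTAG_BUILDHOST: (RPM_STRING_TYPE, "build1.example.org"),
                      RPMTAG_COOKIE: (RPM_STRING_TYPE, "build1.example.org 1223553600")})
    print("cookie consistent:", cookie_consistent(parse_header(h)))
```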
Rpm-list mailing list
https://www.redhat.com/mailman/listinfo/rpm-list