Reflections on Trusting Trust

Peter Jeremy PeterJeremy at optushome.com.au
Thu Dec 1 06:15:36 GMT 2005


On Wed, 2005-Nov-30 19:42:50 +0100, Alexander Leidinger wrote:
> But if you get the same *wrong* data (for the PGP keys it's
>relatively easy to verify) from several locations (cvsup*.FreeBSD.org +
>cvsweb.freebsd.org + www.freebsd.org, don't forget to check if they
>point to a reasonable amount of different IPs;

Keep in mind that for most people these addresses will all go through
a single ISP.  You need to check several locations via several
different paths (e.g. home and work or maybe cross-check with a friend
who uses a different ISP).

> the printed handbook
>and the handbook on the release CDs), then you have other things to
>worry about...

I agree that if Agent Smith is out to get you then you have problems.

>Assuming enough resources: ATM only by downloading all and diffing
>them. If they all match, you are either busted already since the
>attacker controls too much, or you can say the probability is high
>enough that you got a copy of the original repository.

This is non-trivial because the repository is not static and CVS
doesn't store transaction logs that would allow you to reproduce the
repository state at a point in time.

-- 
Peter Jeremy
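
The cross-check discussed in this message, as an added example that is not part of the original post: copies of the same file (for instance a PGP key block) are compared by SHA-256, and agreement only counts when it was observed over more than one independent network path. The path labels, the `min_paths` threshold and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict


def cross_check(observations, min_paths=2):
    """Compare copies of one file fetched from several sources.

    observations: iterable of (network_path, source, content_bytes).
    Returns (verdict, details), where details maps each SHA-256 digest
    to the set of paths and sources that delivered it.
    """
    details = defaultdict(lambda: {"paths": set(), "sources": set()})
    for path, source, content in observations:
        digest = hashlib.sha256(content).hexdigest()
        details[digest]["paths"].add(path)
        details[digest]["sources"].add(source)

    if not details:
        return "no-data", {}
    if len(details) > 1:
        # Copies disagree: at least one source or path delivered altered data.
        return "mismatch", dict(details)
    paths = next(iter(details.values()))["paths"]
    if len(paths) < min_paths:
        # Every copy crossed the same path (e.g. one ISP), so one on-path
        # party could have rewritten all of them identically.
        return "single-path", dict(details)
    return "consistent", dict(details)


# Constructed sample data (not real keys); path labels are hypothetical.
GOOD = b"-----constructed key block A-----"
BAD = b"-----constructed key block B-----"

SAME_ISP = [("home-isp", "www.freebsd.org", GOOD),
            ("home-isp", "cvsweb.freebsd.org", GOOD)]
TWO_PATHS = SAME_ISP + [("work-isp", "www.freebsd.org", GOOD)]
TAMPERED = SAME_ISP + [("friend-isp", "www.freebsd.org", BAD)]

if __name__ == "__main__":
    for name, obs in [("same ISP", SAME_ISP), ("two paths", TWO_PATHS),
                      ("tampered", TAMPERED)]:
        verdict, info = cross_check(obs)
        print(f"{name}: {verdict} ({len(info)} distinct digest(s))")
```

A "consistent" verdict only raises the probability that the copy is genuine; as the quoted text notes, an attacker who controls every path and source would produce the same result.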

