Reflections on Trusting Trust

Szilveszter Adam sziszi at bsd.hu
Sun Nov 27 08:57:39 GMT 2005


Hello Peter,

On Sun, Nov 27, 2005 at 09:45:30AM +1100, Peter Jeremy wrote:
> Overall, I believe FreeBSD could be improved by:
> - Formulating and promulgating a policy for the protection and use of
>   FreeBSD Project DNS, keys and certificates.  (The public version of
>   the policy does not go into explicit details but should allow an
>   independent observer to verify its adequacy).
> - Creating a FreeBSD Release Engineering key which is used to sign
>   official e-mails from the release engineering team - in particular
>   -RELEASE announcements.
> - Tying all the FreeBSD Project keys together by cross-signing them all.
> - Arranging for a wider range of signatures on FreeBSD Project keys
>   (the SO key already meets this).
> - Investigate obtaining a X.509 certificate for the FreeBSD Project

Very much seconded. The security advisories web page, for example,
should be available over HTTPS and verifiable by a certificate issued by
a recognized CA. Perhaps the releases page should be the same.

> - Signing ISO images with a Project key and/or certificate in addition
>   to providing MD5 checksums.
> - Investigate providing authenticated protocols for updating FreeBSD.

Also, one should not forget the existing FTP infrastructure either.
While the content is publicly available, its integrity should be
verifiable. The same goes for ports distfiles: ideally they should be
signed, at least the checksums. The pkg_* tools AFAIK already have
signature checking capability for the binary packages, but somehow this
should be extended to the "build from source" version as well,
particularly since this seems to be the more often used method.

-- 
Regards:

Szilveszter ADAM
Budapest
Hungary
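The signed-checksum scheme discussed above (sign at least the checksum list for ISO images and ports distfiles, rather than publishing bare checksums), as an added example that is not part of the original message and is not FreeBSD's own tooling. It assumes a simple "sha256hex  name" manifest format and a freshly generated Ed25519 key standing in for a project release key; the distfiles, the key and the manifest format are constructed for the example (the project at the time used PGP keys and MD5 checksums; SHA-256 is this example's choice). The point it makes in running code: a mirror operator who replaces a distfile can also rewrite the checksum file, so checksums alone only catch accidental corruption, while a signature over the manifest is what actually detects the substitution.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Distfile is a constructed stand-in for a ports distfile or ISO: name plus bytes.
type Distfile struct {
	Name string
	Data []byte
}

// NewSigningKey generates an Ed25519 keypair standing in for a project release key
// (assumption for the example; a real key would be managed under the project's policy).
func NewSigningKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Manifest renders "sha256hex  name" lines, sorted by name.
// The format is an assumption for this example, not the ports distinfo format.
func Manifest(files []Distfile) []byte {
	lines := make([]string, 0, len(files))
	for _, f := range files {
		sum := sha256.Sum256(f.Data)
		lines = append(lines, hex.EncodeToString(sum[:])+"  "+f.Name)
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n") + "\n")
}

// SignManifest returns a detached Ed25519 signature over the manifest bytes.
func SignManifest(priv ed25519.PrivateKey, manifest []byte) []byte {
	return ed25519.Sign(priv, manifest)
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify")
	ErrNotListed    = errors.New("file not listed in manifest")
	ErrChecksum     = errors.New("checksum mismatch")
)

// VerifyDistfiles checks the signature over the manifest before parsing it, so
// untrusted bytes are never interpreted, then compares every fetched file to it.
func VerifyDistfiles(pub ed25519.PublicKey, manifest, sig []byte, files []Distfile) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return ErrBadSignature
	}
	expected := make(map[string]string)
	for _, line := range strings.Split(string(manifest), "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) != 2 {
			return fmt.Errorf("malformed manifest line %q", line)
		}
		expected[fields[1]] = fields[0]
	}
	for _, f := range files {
		want, ok := expected[f.Name]
		if !ok {
			return fmt.Errorf("%w: %s", ErrNotListed, f.Name)
		}
		sum := sha256.Sum256(f.Data)
		if hex.EncodeToString(sum[:]) != want {
			return fmt.Errorf("%w: %s", ErrChecksum, f.Name)
		}
	}
	return nil
}

func main() {
	pub, priv := NewSigningKey()
	// Constructed sample distfiles; real ones would be fetched from a mirror.
	files := []Distfile{
		{"foo-1.0.tar.gz", []byte("foo release 1.0")},
		{"bar-2.3.tar.gz", []byte("bar release 2.3")},
	}
	manifest := Manifest(files)
	sig := SignManifest(priv, manifest)
	fmt.Println("pristine:", VerifyDistfiles(pub, manifest, sig, files))
	// A mirror swaps one distfile: the checksum catches it.
	tampered := []Distfile{files[0], {"bar-2.3.tar.gz", []byte("trojaned bar")}}
	fmt.Println("swapped file:", VerifyDistfiles(pub, manifest, sig, tampered))
	// The mirror also rewrites the checksum file to match: only the signature catches it.
	fmt.Println("swapped file and checksums:", VerifyDistfiles(pub, Manifest(tampered), sig, tampered))
}
```

The order inside VerifyDistfiles is deliberate: the manifest is verified before it is parsed, so a hostile mirror cannot feed malformed input to the parser, and the public key is the only thing the client has to obtain out of band, which is exactly the key-distribution problem the rest of the thread is about.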

