Reflections on Trusting Trust

Peter Jeremy PeterJeremy at optushome.com.au
Sun Nov 27 18:21:22 GMT 2005


On Sun, 2005-Nov-27 15:27:46 +0000, Ian G wrote:
>1. On the wider scope of your post I'd say that you
>did not present a need for an x.509 certificate
>that I could see.

PGP and X.509 have totally different trust models.  The PGP Web of
Trust relies on each individual knowing and trusting a number of other
individuals - a newcomer or someone who is fairly isolated is unlikely
to have sufficient links to be able to fully participate.  OTOH, the
X.509 model requires that the individual trust a central Authority -
which might be simpler for a newcomer.  (I'm not going to get into a
debate on the reliability or reputation of current CAs).

>> - Signing ISO images with a Project key and/or certificate in addition
>>   to providing MD5 checksums.
>
>No, all you need to do is include the checksums
>in a signed announcement.  In fact, that's all
>that a common digital signature does, so you'd
>have to look at why you want more digital sigs...

It's trivial to verify an announcement signature when you receive the
e-mail.  Doing so afterwards can be more problematic.  Yesterday, I
grabbed the (signed) 6.0-RELEASE announcement from the mailing list
archive (http://lists.freebsd.org/pipermail/freebsd-announce/2005-November/001023.html).
Whilst the signature was still intact, the content has been changed
so the signature no longer verifies.  (The changes are presumably
mechanical changes as part of its conversion from text to HTML but
undoing them would be difficult).

-- 
Peter Jeremy
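The two points raised above, the cleartext signature that no longer verifies after mechanical changes and the "checksums in a signed announcement" approach, as an added example that is not part of the original thread. An OpenPGP cleartext signature is computed over the text with trailing spaces and tabs stripped from each line and line endings converted to CRLF (RFC 4880 section 7.1), so whitespace-only mangling survives but any other edit, such as HTML escaping, does not. The script below reproduces that canonicalisation and the checksum check; the signature itself is an HMAC under a constructed key, standing in for the Project's OpenPGP key so the script runs without gpg. The image bytes, the file name and the announcement text are constructed, and the `MD5 (file) = hex` line format is assumed.

```python
"""Added example: cleartext-signature canonicalisation and checksum
verification of an ISO against a signed announcement (not the FreeBSD
Project's own tooling)."""
import hashlib
import hmac
import re

# Constructed demo key standing in for the Project's OpenPGP signing key;
# an HMAC is used only so the script runs offline without gpg.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def canonicalize(text: str) -> bytes:
    """Form an OpenPGP cleartext signature is computed over (RFC 4880 7.1):
    trailing spaces/tabs removed from every line, lines joined with CRLF,
    final line terminator not included."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":      # text ended with a newline
        lines.pop()
    return "\r\n".join(line.rstrip(" \t") for line in lines).encode("utf-8")


def sign(text: str) -> str:
    """Stand-in for the Project signing the announcement."""
    return hmac.new(DEMO_KEY, canonicalize(text), hashlib.sha256).hexdigest()


def verify(text: str, signature: str) -> bool:
    return hmac.compare_digest(sign(text), signature)


# Assumed checksum line format (BSD md5/sha256 output):
# "SHA256 (file.iso) = hexdigest"
CHECKSUM_RE = re.compile(r"^(MD5|SHA256) \((\S+)\) = ([0-9a-f]+)\s*$", re.M)


def extract_checksums(text: str) -> dict:
    """Map filename -> {algorithm: hexdigest} from an announcement body."""
    out = {}
    for algo, name, digest in CHECKSUM_RE.findall(text):
        out.setdefault(name, {})[algo.lower()] = digest
    return out


def check_iso(announcement: str, signature: str, name: str, iso: bytes) -> str:
    """Verify the announcement signature first, then the image against the
    checksum it carries. Returns a short status string."""
    if not verify(announcement, signature):
        return "signature invalid"
    sums = extract_checksums(announcement).get(name)
    if not sums:
        return "no checksum for " + name
    algo = "sha256" if "sha256" in sums else "md5"   # prefer the stronger digest
    actual = hashlib.new(algo, iso).hexdigest()
    if not hmac.compare_digest(actual, sums[algo]):
        return "checksum mismatch"
    return "ok"


def whitespace_mangled(text: str) -> str:
    """Archive changes the cleartext rules tolerate: trailing whitespace
    dropped, CRLF line endings."""
    return "\r\n".join(line.rstrip() for line in text.split("\n"))


def html_mangled(text: str) -> str:
    """A change they do not tolerate: '>' escaped as in text-to-HTML
    conversion of a mailing list archive."""
    return text.replace(">", "&gt;")


# --- constructed sample data -------------------------------------------------
ISO_NAME = "6.0-RELEASE-i386-disc1.iso"
ISO_BYTES = b"constructed stand-in for an ISO image\n" * 4096

ANNOUNCEMENT = "\n".join([
    "FreeBSD 6.0-RELEASE is now available.   ",   # trailing spaces on purpose
    "> quoted line, present for the HTML-escaping demo",
    f"MD5 ({ISO_NAME}) = {hashlib.md5(ISO_BYTES).hexdigest()}",
    f"SHA256 ({ISO_NAME}) = {hashlib.sha256(ISO_BYTES).hexdigest()}",
]) + "\n"
SIGNATURE = sign(ANNOUNCEMENT)


if __name__ == "__main__":
    print("original      :", verify(ANNOUNCEMENT, SIGNATURE))
    print("whitespace    :", verify(whitespace_mangled(ANNOUNCEMENT), SIGNATURE))
    print("html-escaped  :", verify(html_mangled(ANNOUNCEMENT), SIGNATURE))
    print("iso check     :", check_iso(ANNOUNCEMENT, SIGNATURE, ISO_NAME, ISO_BYTES))
    print("tampered iso  :", check_iso(ANNOUNCEMENT, SIGNATURE, ISO_NAME,
                                       ISO_BYTES[:-1] + b"!"))
```

Run as-is it shows the whitespace-only variant still verifying while the HTML-escaped copy fails, which is why a copy pulled from the archive needs the original message bytes (or the raw mbox) rather than the rendered page; the image check refuses to consult the checksums at all until the announcement signature has been verified.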