Reflections on Trusting Trust
Peter Jeremy
PeterJeremy at optushome.com.au
Wed Nov 30 18:15:35 GMT 2005
On Wed, 2005-Nov-30 14:43:43 +0100, Alexander Leidinger wrote:
>Kurt Seifried <listuser at seifried.org> wrote:
>
>>should have people upload their keys. On another note I am available
>>to sign PGP keys (proving your key/identity is an excercise left to
>>the reader =),
>
>or to the signer... the keys are available in the handbook (either from
>www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc)
But how do I know that the data I download from *.freebsd.org hasn't
been tampered with? Either by a MITM attack between me and the real
*.freebsd.org site or a DNS attack redirecting me to a third site.
This was the nub of my original posting.
> And AFAIK this is all PGP is supposed to verify, that the person
>behind "user at example.tld" is the same as the person with access to the
>secret key for this address.
PGP is susceptable to MITM attacks - Ann asks Bruce for his public
key. Mallory intercepts the request and substitutes his own public
key. He can then intercept, alter and re-sign following exchanges so
neither Ann nor Bruce realise they have an intruder.
>But this assumes the signer trusts the FreeBSD.org security:
If you don't trust the FreeBSD Project you wouldn't run FreeBSD.
> Without ssh access there's no way to insert a key into the CVS
>repository.
Assuming no security holes in the infrastructure... How can I tell
that my private copy of the FreeBSD Project's CVS repository is the
same as the one on whatever.FreeBSD.org?
--
Peter Jeremy
More information about the freebsd-security
mailing list