Cryptographically signed ISO images

Valeri Galtsev galtsev at kicp.uchicago.edu
Mon Mar 3 15:50:14 UTC 2014


The only difference I see in general between the signature and the SHA-2
hash is in the chain of trust. The rest (assurance that what you have
resembles the signature in one case or the SHA-2 hash in the other) is on
the same level of security. The chain of trust is different though: in the
case of a pgp or gpg signature you know the public key of the signee from
some published source (i.e. you trust that source). In the case of a SHA-2
hash you have to trust the web site that provides the hashes, which you
accomplish by verifying that the SSL certificate the site presents is
signed by a trusted authority and by common sense (is this site related to
FreeBSD and thus authoritative to provide signatures or not).

If someone sees mistake(s) in what I said, please, let me know.

Just my 2 cents...

Valeri

On Mon, March 3, 2014 9:29 am, Elias Diem wrote:
> I wonder what might be the reason for not providing
> signatures...
>
> --
> Greetings
> Elias


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++





