Reflections on Trusting Trust

Alexander Leidinger netchild at FreeBSD.org
Wed Nov 30 18:42:57 GMT 2005


On Thu, 1 Dec 2005 05:15:30 +1100
Peter Jeremy <PeterJeremy at optushome.com.au> wrote:

> On Wed, 2005-Nov-30 14:43:43 +0100, Alexander Leidinger wrote:
> >Kurt Seifried <listuser at seifried.org> wrote:
> >
> >>should have people upload their keys. On another note I am available
> >>to sign PGP keys (proving your key/identity is an exercise left to
> >>the reader =),
> >
> >or to the signer... the keys are available in the handbook (either from
> >www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc)
> 
> But how do I know that the data I download from *.freebsd.org hasn't
> been tampered with?  Either by a MITM attack between me and the real
> *.freebsd.org site or a DNS attack redirecting me to a third site.
> This was the nub of my original posting.

Yes, I know. But if you get the same *wrong* data (for the PGP keys it's
relatively easy to verify) from several locations (cvsup*.FreeBSD.org +
cvsweb.freebsd.org + www.freebsd.org, don't forget to check if they
point to a reasonable amount of different IPs; the printed handbook
and the handbook on the release CDs), then you have other things to
worry about...

> > And AFAIK this is all PGP is supposed to verify, that the person
> >behind "user at example.tld" is the same as the person with access to the
> >secret key for this address.
> 
> PGP is susceptible to MITM attacks - Ann asks Bruce for his public
> key.  Mallory intercepts the request and substitutes his own public
> key.  He can then intercept, alter and re-sign following exchanges so
> neither Ann nor Bruce realise they have an intruder.

Yes, in theory. In practice there's a point where you either say "I
trust this", or you say "if I can't trust this from this point on, I
don't have to worry about it, since I'm busted already". See above.

> >But this assumes the signer trusts the FreeBSD.org security:
> 
> If you don't trust the FreeBSD Project you wouldn't run FreeBSD.
> 
> > Without ssh access there's no way to insert a key into the CVS
> >repository.
> 
> Assuming no security holes in the infrastructure...  How can I tell

Yes.

> that my private copy of the FreeBSD Project's CVS repository is the
> same as the one on whatever.FreeBSD.org?

Assuming enough resources: ATM only by downloading all and diffing
them. If they all match, you are either busted already since the
attacker controls too much, or you can say the probability is high
enough that you got a copy of the original repository.

Bye,
Alexander.

-- 
http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7
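As an added example (not code from this thread or from the FreeBSD Project): a small Python script that recomputes an OpenPGP v4 fingerprint from downloaded key material using the RFC 4880 rule (SHA-1 over 0x99, the two-byte body length and the public-key packet body) and then applies the cross-checking idea from the reply above: compare the fingerprint as printed by several independent locations and count how many distinct IP addresses those locations resolved to. The key packet body, the source names and the IP addresses are constructed placeholders, and `cross_check` is a hypothetical helper, not a FreeBSD tool.

```python
import hashlib
import struct
from collections import Counter


def openpgp_v4_fingerprint(key_packet_body: bytes) -> str:
    """RFC 4880 section 12.2 v4 fingerprint: SHA-1 over the octet 0x99,
    the two-octet big-endian length of the public-key packet body, and
    the body itself. Returned as ten groups of four hex digits."""
    prefix = b"\x99" + struct.pack(">H", len(key_packet_body))
    digest = hashlib.sha1(prefix + key_packet_body).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))


def _mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then the magnitude."""
    length = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(length, "big")


def build_demo_key_body() -> bytes:
    """Constructed stand-in for a v4 RSA public-key packet body (not a real key):
    version 4, a creation timestamp, algorithm id 1 (RSA), modulus MPI, exponent MPI."""
    fake_modulus = int.from_bytes(bytes(range(1, 33)), "big")  # placeholder, not a real modulus
    return b"\x04" + struct.pack(">I", 1133376177) + b"\x01" + _mpi(fake_modulus) + _mpi(65537)


def normalize_fingerprint(fp: str) -> str:
    """Strip the grouping spaces and unify case so printed copies compare equal."""
    return fp.replace(" ", "").upper()


def cross_check(copies: dict) -> tuple:
    """copies maps a source name to (fingerprint as printed there, IPs the host resolved to).
    Returns (consensus fingerprint or None, sources that disagree with the majority,
    number of distinct IPs seen across all sources). A None consensus means at least
    one location shows a different key and needs to be looked at before trusting any."""
    seen = {src: normalize_fingerprint(fp) for src, (fp, _) in copies.items()}
    majority_fp, majority_n = Counter(seen.values()).most_common(1)[0]
    consensus = majority_fp if majority_n == len(seen) else None
    disagreeing = sorted(src for src, fp in seen.items() if fp != majority_fp)
    distinct_ips = {ip for _, addrs in copies.values() for ip in addrs}
    return consensus, disagreeing, len(distinct_ips)


def demo() -> tuple:
    """Constructed scenario: three locations print the fingerprint of the downloaded
    key, a fourth (constructed) location prints something else."""
    genuine = openpgp_v4_fingerprint(build_demo_key_body())
    bogus = "0" * 40  # constructed non-matching fingerprint
    copies = {
        "www.freebsd.org handbook": (genuine, ["192.0.2.10"]),
        "cvsweb.freebsd.org": (genuine.lower(), ["192.0.2.20"]),
        "printed handbook": (genuine, []),
        "suspect mirror (constructed)": (bogus, ["198.51.100.7"]),
    }
    return cross_check(copies)


if __name__ == "__main__":
    consensus, disagreeing, n_ips = demo()
    print("consensus:", consensus)
    print("disagreeing sources:", disagreeing)
    print("distinct IPs consulted:", n_ips)
```

The IP count is only a rough signal that the locations are actually independent, as the reply suggests; if every "different" host resolves to the same address, agreement between them proves much less than it appears to.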

