Re: Reflections on Trusting Trust

From: Robert Watson (rwatson_at_FreeBSD.org)
Date: 11/28/05

    Date: Mon, 28 Nov 2005 20:51:40 +0000 (GMT)
    To: Peter Jeremy <PeterJeremy@optushome.com.au>
    
    

    On Sun, 27 Nov 2005, Peter Jeremy wrote:

    > or "How do I know my copy of FreeBSD is the same as yours?"
    >
    > I have recently been meditating on the issue of validating X.509 root
    > certificates. An obvious extension to that is validating FreeBSD
    > itself.

    This topic has come up countless times over the years, and one of the
    recurring debates that comes up with it is what it is the "Project" wants
    to promise, and whether we want to get into the business of managing lots
    of keying material. Like it or not, the weaker the promises you make, the
    easier they are to keep :-). The concept of even a security officer key
    has always made me somewhat nervous -- clearly, this is a "valuable" key,
    but it's also one that has to be made available to anyone who is going to
    sign a security advisory. We have persistently signed security
    advisories, errata notes, and release announcements for the past few
    years, and the release announcements have included release checksums.

    I think it would be useful to go quite a bit further, but I think we
    should be careful to do it for pragmatic reasons, and to be very clear on
    what it is we are doing by signing things, how hard we are willing to try
    to protect the keying material, and so on.

    Robert N M Watson
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

