On Friday 22 August 2008 04:30:09 pm John Gilmore wrote:
> Isn't it interesting how we have all this public-key infrastructure
> to secure all these key projects -- but every few years we throw it all
> out the window and start over -- based on insecure email messages!
>
> > However if you don't replace the certs you will not have access to
> > cvs or the buildsystem.  they are using only the new certs and
> > checking the crl.
>
> This sounds even fishier to me.
>
> Let's suppose the servers were broken into and severely compromised. (*)
> What could the miscreants have done that would invalidate every
> end-user's existing client certificate?

Nothing. It has been in the pipeline for a while to be replaced. As it was, say you lost your cert (what we issued was a key and a signed certificate): we had no way to revoke that certificate. We took the downtime to implement the changes as a precautionary measure and to enable things to be easier in the future. In the past we had a user paste his cert and key publicly; we ended up changing his username to ensure no one used the certificate/key to do something bad. This was a big gap in the way things were set up initially.

https://www.redhat.com/archives/fedora-infrastructure-list/2008-March/msg00155.html lists the plans to replace it. It had been brought up a few times before that also, but that's when we formally started working on getting it replaced.

> There was no break-in to the clients.  Why should the clients need to
> replace anything?  Has the server lost its ability to validate the
> signature on the client certs?
>
> There may be large amounts of hassle coming for every Fedora end-user
> who wants to be able to download only signed packages (if, out of what
> they describe as an abundance of caution, Fedora changes the signing
> key for the whole distro).  But why also make unnecessary(**) hassle
> for every Fedora developer?

Because of bad design decisions way back when, all user certs were issued with a serial of 00. While the chances are slim to remote, rather than assume no one has certs with higher serial numbers, we made sure that certificates are accounted for.


Dennis


_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
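The failure mode Dennis describes above (every user certificate issued with a serial of 00, and therefore no way to revoke one certificate without the CRL hitting all of them) reproduced as an added example. This is not code from the thread or from Fedora's infrastructure; it is a stand-alone demonstration using Go's standard crypto/x509. It builds a throwaway in-memory CA, issues three client certificates, publishes a CRL revoking only the first one, and counts how many users a CRL-checking server then rejects. The CA name, the user names and the validity periods are constructed for the example; the point it shows is that a CRL entry identifies a certificate by issuer and serial number alone, so shared serials make revocation all-or-nothing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a throwaway in-memory issuing CA built for this example only.
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// must keeps the example short: any key, certificate or CRL failure aborts.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewCA generates a self-signed CA allowed to sign both certificates and CRLs.
func NewCA() *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Project CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	// Re-parse the DER so the auto-generated SubjectKeyId (needed to sign CRLs) is set.
	return &CA{Cert: must(x509.ParseCertificate(der)), Key: key}
}

// IssueClient issues a client-auth certificate with a caller-chosen serial. Nothing
// stops two certs sharing a serial: the "every cert issued with serial 00" mistake.
func (c *CA) IssueClient(user string, serial int64) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: user},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, c.Cert, &key.PublicKey, c.Key))))
}

// Revoke signs a CRL listing the serials of the given certificates.
func (c *CA) Revoke(certs ...*x509.Certificate) *x509.RevocationList {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, cert := range certs {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: cert.SerialNumber, RevocationTime: now})
	}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, c.Cert, c.Key))))
}

// IsRevoked is the check a CRL-consuming server makes: confirm the issuer signed the
// CRL, then match on serial. A CRL entry carries only a serial, never a name or key.
func IsRevoked(issuer, cert *x509.Certificate, crl *x509.RevocationList) bool {
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		panic(err) // an unverifiable CRL is a hard failure, not "not revoked"
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true
		}
	}
	return false
}

// CountLockedOut issues one cert per constructed sample user with the given serials,
// revokes only alice's (the key pasted publicly) and counts users the CRL now rejects.
func CountLockedOut(serials [3]int64) int {
	ca := NewCA()
	var certs []*x509.Certificate
	for i, user := range [3]string{"alice", "bob", "carol"} {
		certs = append(certs, ca.IssueClient(user, serials[i]))
	}
	crl := ca.Revoke(certs[0])
	lockedOut := 0
	for _, cert := range certs {
		if IsRevoked(ca.Cert, cert, crl) {
			lockedOut++
		}
	}
	return lockedOut
}

func main() {
	fmt.Println("all serials 00, revoke alice: users locked out =", CountLockedOut([3]int64{0, 0, 0}))
	fmt.Println("unique serials, revoke alice: users locked out =", CountLockedOut([3]int64{1, 2, 3}))
}
```

With every certificate carrying serial 00, revoking the one leaked certificate puts serial 00 on the CRL and the server rejects all three users; with unique serials only the leaked certificate is rejected. That is why the only remedy available at the time was to rename the affected account, and why a fresh CA with properly tracked serials was needed before CRL checking could be turned on at all.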
