On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote:
> > I'm surprised that OpenBSD (the most secure OS I know of)
> > does not use it, that's all I'm saying. I also thought there would be a real
> > reason for not doing so and there may in fact be and I may just be unaware
> > of it.
>
> OpenBSD is the most secure OS, the devs know what they are doing.. and
> they've rejected this as unnecessary.
I don't see what the problem is with blessing a fingerprint of the binaries with a PKI signature, which would mean that *these* are the binaries the devs intended to release. Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet.

> You can check the MD5 files for the main distribution, and for
> packages.. well the official OpenBSD mirrors are all trustworthy--if
> they aren't, it will be discovered and they will no longer be official
> mirrors.
>
> This isn't a great answer, I know.

Definitely not a great answer, as there are vectors of attack which cover the client accessing the mirror and not the mirror in itself, like changing on-the-fly the md5sums to match the bad binaries, etc...

A digital signature would enable the non-repudiation of the fingerprints file (at least), giving a moderate level of assurance that attack vectors would have to concentrate on upstream development servers (where the devs *really* know what they are doing).

Rui

-- 
Hail Eris! Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
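The attack Rui describes above (an on-path attacker rewriting both the binary and the hash file so they match) and the fix he proposes (signing the hash file) can be played out end to end. The following is an added example, not OpenBSD's code or any of its release tooling: it models a developer-built fingerprint file in the BSD "SHA256 (name) = hex" style, a client that checks only the hashes, and a client that first verifies a signature over the fingerprint file with a public key it obtained out of band. The signature scheme is textbook RSA over a SHA-256 digest with no padding and a 512-bit key, chosen only to keep the example self-contained; a real release process would use a vetted scheme. All file names, contents and keys are constructed for the demonstration.

```python
# Added example (not OpenBSD's code): hash-only verification vs. a signed
# fingerprint file against an on-path attacker.  Toy RSA, demo only.
import hashlib
import random
import re
import secrets

# ---- toy RSA (demo only: no padding, small key) ----------------------------
def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test with a small trial-division prefilter."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def gen_keypair(bits=512):
    """Return (public, private) as (exponent, modulus) pairs."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, priv):
    d, n = priv
    return pow(_digest_int(data), d, n)

def verify_sig(data, sig, pub):
    e, n = pub
    return pow(sig, e, n) == _digest_int(data)

# ---- fingerprint file: one "SHA256 (name) = hex" line per file -------------
LINE_RE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-f]{64})$")

def build_manifest(files):
    return "".join(f"SHA256 ({name}) = {hashlib.sha256(data).hexdigest()}\n"
                   for name, data in sorted(files.items()))

def hashes_match(manifest, files):
    """What a client can do with only the hash file: recompute and compare."""
    entries = {m.group(1): m.group(2)
               for m in map(LINE_RE.match, manifest.splitlines()) if m}
    return set(entries) == set(files) and all(
        hashlib.sha256(files[name]).hexdigest() == hexd
        for name, hexd in entries.items())

def verify_download(manifest, sig, pub, files):
    """Check the signature on the fingerprint file first (pub was obtained
    out of band, e.g. from install media), then the per-file hashes."""
    return verify_sig(manifest.encode(), sig, pub) and hashes_match(manifest, files)

# ---- scenario: honest mirror vs. on-path tampering -------------------------
def run_scenario():
    pub, priv = gen_keypair()                       # developers' release key
    release = {"base.tgz": b"genuine base set", "bsd": b"genuine kernel"}
    manifest = build_manifest(release)
    sig = sign(manifest.encode(), priv)             # made once, by the devs

    # Attacker between client and mirror swaps a binary and rewrites the
    # hash file to match.  Lacking the private key, it cannot re-sign.
    tampered = dict(release, bsd=b"backdoored kernel")
    tampered_manifest = build_manifest(tampered)

    return {
        "honest_hash_only": hashes_match(manifest, release),
        "honest_signed": verify_download(manifest, sig, pub, release),
        "tampered_hash_only": hashes_match(tampered_manifest, tampered),          # True: undetected
        "tampered_signed": verify_download(tampered_manifest, sig, pub, tampered),  # False: caught
    }

if __name__ == "__main__":
    for check, ok in run_scenario().items():
        print(f"{check}: {ok}")
```

The hash-only client accepts the tampered download because the hash file it compares against arrived over the same compromised path as the binaries. The signed variant rejects it because the only thing the attacker cannot regenerate is the signature, which pins the fingerprint file to whoever holds the release key; that is exactly the shift of the attack surface toward the developers' own signing machine that the post argues for. Note that the guarantee depends entirely on the client getting the public key through a channel the attacker does not control.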

