Code signing by blood. ISAGN.
"Sorry marc - had to do it"
On 12/6/07, Jeff I. Ragland <[EMAIL PROTECTED]> wrote:
>
> On 06 Dej 2007, at 5:39 LL, bofh wrote:
>
> > You forgot one option. Invite Theo to give a talk, and ask him to
> > bring the CDs. If you can't trust Theo's CDs, all hope is lost.
>
> And how would you know that it is indeed Theo and not someone that
> looks like him? I think that blood samples and DNA tests are the only
> way to go here.
>
>
> >
> >
> > Just need to make sure there're some mountains around for Theo to go
> > climb. If you live on a flatland, then, sorry, you're doomed.
> >
> >
> > On 12/6/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> >> On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
> >>
> >>> One risk would be the plans of "online surveillance" of computers e.g.
> >>> in Germany. One way to install surveillance even on OpenBSD would be to
> >>> actively interfere with the internet connection with the surveilled
> >>> person, in the man-in-the-middle sense, and inject trojanned code
> >>> ("Bundestrojaner") into the updates of the victim.
> >>
> >> Using software from any source without interference from an
> >> all-pervasive government is a very special, but unfortunately today, a
> >> very real issue for many people around the world. To be secure, you
> >> have to get pieces of the puzzle over multiple paths. It all can't come
> >> via the net since then you're open to man-in-the-middle.
> >>
> >> Key-revocation announcements could come over the net (via an announce
> >> list) but the new key would then have to come over a second channel.
> >>
> >> One second-channel option is the q6mth CD issue, which could include a
> >> new public key and e.g. known-hosts fingerprints. This is vulnerable to
> >> a very determined man-in-the-middle who can replicate and then alter the
> >> CD before it arrives to you in the mail.
> >>
> >> Another option is a trusted courier flying to Alberta and get a CD from
> >> the OpenBSD store (yeah, right).
> >>
> >> In fact, likely any other technological option (e.g. an answering
> >> machine in Alberta that spits out the alphanumerics of the current
> >> master public key) is still susceptible.
> >>
> >> If every piece of information you receive is filtered through your
> >> government, is there any hand-shaking protocol that can allow you to
> >> establish a verified information connection (not necessarily encrypted)?
> >> I don't think so.
> >>
> >> Sure, Debian has signed .debs that use gpg as a back end (the system is
> >> called apt-key), it relies on you trusting the first key that you get
> >> from them. Since Debian doesn't actually mail out its own CDs,
> >> everything is off its mirrors. apt-key only 'protects' you from a later
> >> man-in-the-middle.
> >>
> >> I think that this is the central 'problem' that people are dancing
> >> around.
> >>
> >> Personally, if this thread is to continue, I would like to see it move
> >> from a "Why doesn't OpenBSD do things this way?" to a "What are the
> >> threat models for OpenBSD identity theft and how can we protect
> >> ourselves?".
> >>
> >> Doug.
> >>
> >>
> >
> >
>
>
--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted." -- Gene Spafford
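
Added example, not part of the thread and not OpenBSD or Debian code: a Python sketch of the multi-path check described in the quoted message, where a key fetched over the net is accepted on first use (or after a key change) only if fingerprints received over other channels agree with it. The channel names, function names and key bytes are constructed, and SHA-256 over the raw key bytes is an assumed stand-in for a real key fingerprint format.

```python
import hashlib
import hmac

class ChannelMismatch(Exception):
    """Fingerprints obtained over different paths do not agree."""

def fingerprint(pubkey: bytes) -> str:
    # Stand-in fingerprint: SHA-256 over the raw key bytes (an assumption).
    return hashlib.sha256(pubkey).hexdigest()

def agreed_fingerprint(reports: dict, quorum: int = 2) -> str:
    """reports maps a channel name (CD, announce list, ...) to the fingerprint
    received over it. The download path itself must not be one of them."""
    if len(reports) < quorum:
        raise ValueError(f"need {quorum} independent channels, got {len(reports)}")
    seen = {fp.replace(":", "").replace(" ", "").lower() for fp in reports.values()}
    if len(seen) != 1:
        # At least one path was altered; there is no way to tell which one.
        raise ChannelMismatch(f"channels disagree: {sorted(reports)}")
    return seen.pop()

def accept_key(pubkey: bytes, reports: dict, pinned=None, quorum: int = 2) -> str:
    """Return the fingerprint to pin, or raise."""
    fp = fingerprint(pubkey)
    if pinned is not None and hmac.compare_digest(fp, pinned):
        return fp  # unchanged since first use: the only case pinning covers
    # First use or a changed key: the download alone proves nothing.
    expected = agreed_fingerprint(reports, quorum)
    if not hmac.compare_digest(fp, expected):
        raise ChannelMismatch("downloaded key does not match out-of-band fingerprint")
    return fp

# Constructed sample keys, not real key material.
GOOD_KEY = b"constructed-release-key"
SWAPPED_KEY = b"constructed-substituted-key"

if __name__ == "__main__":
    oob = {"mailed-cd": fingerprint(GOOD_KEY), "announce-list": fingerprint(GOOD_KEY)}
    print("first use:", accept_key(GOOD_KEY, oob))
    try:
        accept_key(SWAPPED_KEY, oob)
    except ChannelMismatch as e:
        print("rejected:", e)
```

Agreement between channels only counts for as much as their independence: if one party can alter every path, the check passes on a substituted key just as it would on the real one.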