I don't see, without a signature file, how you know the decryption
function succeeded and therefore returned a complete, authentic,
unaltered package (rather than returning garbage).

On Tue, Feb 20, 2001 at 11:35:09PM -0800, Mike Sensney wrote:
> At 12:26 AM 02/21/2001 -0600, root wrote:
> 
> >Mike Sensney wrote:
> > > I may be missing something, but I think Mark was thinking about some sort
> > > of public/private key signature of the whole package, not the contents.
> >
> >Interesting, but what's the point?
> 
> ??Not sure what you mean?? This is what Mark asked for in his message.
> 
> 
> > > My thought is encrypt the package using a private key. That eliminates the
> > > need for a signature file.
> > >
> > > package.lrp + private key --> encrypt --> package.crp
> > > package.crp + public key  --> decrypt --> package.lrp
> >
> >It doesn't eliminate the need for a signature file at all.  The method
> >you suggest does basically only two things:
> >
> >* verifies that the downloaded package is intact
> >* verifies that the creator of the package is the expected creator
> 
> But this is all he needs.
> 
> Boot from a write protected floppy. Locate an available file server from a
> server list on the floppy. Download the needed packages, decrypt using the
> public key and load them. Finish the boot process. You should now be in a
> known good initial state.
> 
> >My method (not at all incompatible, really!) does the following:
> >
> >* verifies that the FILES are intact - which could expose system
> >compromises
> >* "tracks" changes made to a package during operation
> 
> But it does not verify that the creator is the expected creator.
> 
> >My method also has the benefit of a small binary; a public key
> >encryption system such as PGP requires a lot more space, as well as the
> >input of a key.  If you are booting the system, this may or may not be
> >problematical; if the system is to be self-booting, then it is a BIG
> >problem - the system will wait until someone comes to give the key.
> 
> Size of a public/private key decryption program might be a problem. Though
> the encryption program does not have to be on a production box.
> 
> Mark stipulated that the public key will be on the floppy and the floppy
> will be write protected. Therefore there should not be any need for key
> input during the boot process.
> 
> >Interesting idea, anyway.... hmm...
> >
> >PS: I trust this is *NOT* HTML-encoded... I hope...
> 
> I'm using Eudora version 5.0.2 and I can't tell for sure if I'm using HTML. 
> 
> I think/hope I have HTML on send turned off. :)

-- 
mark seiden, [EMAIL PROTECTED], 1-(650) 592 8559 (voice) Pacific Time Zone

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
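
The question raised at the top of this message, as an added example that is not part of the original thread: a raw public-key "decrypt" returns bytes for any input, while a detached signature over the package hash gives an explicit pass/fail. The key is a toy textbook RSA key built from two Mersenne primes, and the package contents and all function names are constructed for illustration.

```python
import hashlib

# Toy textbook RSA from two Mersenne primes (assumed demo key, far too
# small and unpadded for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
BLOCK = 27                          # bytes needed to hold any value below N

# Constructed stand-in for package.lrp, padded to exactly one block.
PACKAGE = b"constructed package data".ljust(BLOCK, b".")

def private_encrypt(data: bytes) -> int:
    """package.lrp + private key --> package.crp (raw RSA, no redundancy)."""
    m = int.from_bytes(data, "big")
    if len(data) != BLOCK or m >= N:
        raise ValueError("demo handles exactly one block below N")
    return pow(m, D, N)

def public_decrypt(crp: int) -> bytes:
    """package.crp + public key --> package.lrp. Never fails: every input
    maps to some 27-byte output, valid or not."""
    return pow(crp % N, E, N).to_bytes(BLOCK, "big")

def digest(data: bytes) -> int:
    """SHA-256 of the data, reduced below N so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    """Detached signature: private-key operation on the package hash."""
    return pow(digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    """Explicit pass/fail: recovered hash must match the hash of the data."""
    return pow(sig % N, E, N) == digest(data)

def demo():
    crp = private_encrypt(PACKAGE)
    good = public_decrypt(crp)
    garbage = public_decrypt(crp ^ 1)      # one bit altered in transit
    sig = sign(PACKAGE)
    return good, garbage, verify(good, sig), verify(garbage, sig)

if __name__ == "__main__":
    good, garbage, ok_good, ok_garbage = demo()
    print(good, ok_good)
    print(garbage.hex(), ok_garbage)
```

The altered ciphertext decrypts without any error to 27 unrelated bytes; only the hash comparison in `verify` tells the two outputs apart.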
