On 01-07-13 23:01, Eleanor Saitta wrote:
> On 2013.07.01 12.19, adrelanos wrote:
>> - you still have to tell the user "you must download tool X before
>> you can download Y"
>
> This, of course, is a global problem everywhere. A secure channel
> requires a shared secret, in this case between the developers and
> the end user. How does the user get their initial OS image if it
> didn't come with their machine or they didn't buy it in a brick and
> mortar store (both hard for FLOSS). Solutions in the non-general
> case are nice, but we should also remember that we have no general
> case solution either.
There is a (partial) solution for this problem. The site operator creates a server certificate, either from a global TTP or self-signed. (S)He publishes it with DNSSEC and DANE. The users who want to download can verify the server certificate with the Extended DNSSEC Validator add-on for Firefox. It creates a trusted path between the site and the user. Now the user can validate the site certificate and trust the hashes on the page.

The reason that it's a partial solution is that it defers the trust-seed question to the plug-in distribution channel. But that need only be solved once for the whole to benefit.

The reason that the DNSSEC chain can be trusted is that it is *politically secure*. There are too many different parties pulling in too many different directions, so the net result is a stable system. Any tampering by any party will be loudly complained about by any other party. The only thing you need is to pin the DNSSEC root key into your browser.

Besides, we need monitoring systems such as Perspectives and Certificate Transparency in the browsers to detect DNSSEC/CA manipulations.

Caveat: the Ext DNSSEC Validator is not production ready, but the gist is there.

I think DNSSEC may or may not be the ultimate answer, but it is a good way to go forward.

The 64000 dollar question: who is going to push Mozilla in this direction?

Guido.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
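The two halves of the scheme Guido describes, the operator publishing a DANE record for the server certificate and the user checking the presented certificate against it, are shown below as an added example; it is not code from the thread, from the Extended DNSSEC Validator add-on, or from any Mozilla component. It uses the RFC 6698 TLSA format with usage 3 (DANE-EE), selector 1 (SubjectPublicKeyInfo) and matching type 1 (SHA-256), the combination that lets a self-signed certificate be trusted without a CA. The certificates are throwaway self-signed ones generated in the program as constructed test data, the host name `downloads.example.org` is a placeholder, and the code assumes the TLSA record has already been fetched and its DNSSEC signature chain validated up to the pinned root key; that validation step, which the add-on performs, is not reimplemented here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TLSA holds the RDATA of a DANE TLSA record (RFC 6698).
type TLSA struct {
	Usage    uint8  // 3 = DANE-EE: the record pins the site's own end-entity cert
	Selector uint8  // 0 = whole certificate, 1 = SubjectPublicKeyInfo only
	Matching uint8  // 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
	Data     []byte // the (possibly hashed) certificate material
}

// TLSAName is the owner name a client queries, e.g. _443._tcp.example.org.
func TLSAName(host string, port int, proto string) string {
	return fmt.Sprintf("_%d._%s.%s.", port, proto, host)
}

// certData returns the part of the certificate the record refers to,
// digested as the matching type demands.
func certData(cert *x509.Certificate, selector, matching uint8) ([]byte, error) {
	var in []byte
	switch selector {
	case 0:
		in = cert.Raw
	case 1:
		in = cert.RawSubjectPublicKeyInfo
	default:
		return nil, fmt.Errorf("unsupported selector %d", selector)
	}
	switch matching {
	case 0:
		return in, nil
	case 1:
		h := sha256.Sum256(in)
		return h[:], nil
	case 2:
		h := sha512.Sum512(in)
		return h[:], nil
	}
	return nil, fmt.Errorf("unsupported matching type %d", matching)
}

// Publish is the operator's side: derive the TLSA record for the server
// certificate, to be placed in the zone and signed with DNSSEC.
func Publish(cert *x509.Certificate, usage, selector, matching uint8) (TLSA, error) {
	data, err := certData(cert, selector, matching)
	if err != nil {
		return TLSA{}, err
	}
	return TLSA{Usage: usage, Selector: selector, Matching: matching, Data: data}, nil
}

// Presentation renders the record in zone-file form, e.g. "3 1 1 <hex>".
func (t TLSA) Presentation() string {
	return fmt.Sprintf("%d %d %d %s", t.Usage, t.Selector, t.Matching, hex.EncodeToString(t.Data))
}

// Verify is the client's side: given a TLSA record whose DNSSEC chain is
// assumed already validated to the pinned root key, check that the
// certificate the server actually presented matches it. Only DANE-EE
// (usage 3) is handled; other usages additionally require PKIX chain building.
func Verify(t TLSA, presented *x509.Certificate) bool {
	if t.Usage != 3 {
		return false
	}
	got, err := certData(presented, t.Selector, t.Matching)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(got, t.Data) == 1
}

// selfSigned produces a throwaway self-signed certificate: constructed test
// data standing in for the operator's real server certificate.
func selfSigned(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	site, _ := selfSigned("downloads.example.org")
	impostor, _ := selfSigned("downloads.example.org") // same name, different key
	rec, _ := Publish(site, 3, 1, 1)
	fmt.Println(TLSAName("downloads.example.org", 443, "tcp"), "IN TLSA", rec.Presentation())
	fmt.Println("genuine cert matches:", Verify(rec, site))
	fmt.Println("impostor cert matches:", Verify(rec, impostor))
}
```

Pinning the SubjectPublicKeyInfo (selector 1) rather than the whole certificate means the operator can reissue the certificate with new validity dates without changing the DNS record, as long as the key stays the same; a certificate with the same name but a different key, which is what a hijacked CA or a forged zone would have to present, fails the comparison.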
