m8il1i...@gmail.com (Kevin Chadwick), 2018.02.21 (Wed) 19:07 (CET):
> On Wed, 21 Feb 2018 10:10:30 +0100
> > I know this is a little bit farfetched, pardon my ignorence, but
> > OpenBSD seeems vulnerable on first installation. In case of DNS
> > poisoning, what can stop a virus from forwarding the installer to a
> > false SHA256.sig and false repository? My guess would be to use
> > DNSSEC and a local copy of an OpenBSD repository to avoid such issue. 
> > 
> If you boot an unverified iso, then what is to stop it replacing your
> bios?
> Authentication is always boot strapped by manual processes, including
> your resolver key! Also DNSSEC is rarely used and mostly RSA 1024 bit.
> ecdsa will hopefully get more adoption than RSA has depite I believe
> persisting to enable amplification albeit to a far smaller degree.
> T-shirts of keys were made and can be found in various places including
> youtube, worn by developers etc., so that you can verify the iso file
> before booting it.


yet another source to compare ;-)


Reply via email to