Harpalus a Como wrote: > > What is the benefit of doing so? What's the point? Is the website so > likely > to be hacked into, that the developers need to sign all communication just > to ensure that it comes from them? There's absolutely no need to signing > errata or official communications. Name one justifiable use for them. If > the > OpenBSD developers didn't care about "secure communications", then OpenSSH > would not exist. >
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned binaries and forged emails happen. PKI can help mitigate this. The benefit of PKI is widely known and accepted and does not need to be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of) does not use it, that's all I'm saying. I also thought there would be a real reason for not doing so and there may in fact be and I may just be unaware of it. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339 Sent from the openbsd user - misc mailing list archive at Nabble.com.
