On 17/06/16 10:33, Yui Hirasawa wrote:
>
>> Signing the installer script would provide only a minor increase in
>> security (in that it would require the signing key to be compromised,
>> rather than the nixos.org certificate). I don't object to doing that
>> though.
>
> That is quite a major increase in security actually. Compromising a key
> that can be kept offline most of the time is a lot harder than obtaining
> a signed certificate for the nixos.org domain. You do not have to have
> the original nixos.org certificate to perform a man-in-the-middle attack.
>
I agree with this. A key that is trusted itself (rather than trusting a domain name) would be a very large security increase.
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
