> I agree with this. A key that is trusted itself (rather than trusting a
> domain name) would be a very large security increase.

I agree too. And this is more or less the way taken by RPM / DPKG that ship their trusted key on the client side when you install a new repository instead of relying on any CA or PGP keyserver.

Adev

On 17/06/2016 16:35, Kevin Cox wrote:
> On 17/06/16 10:33, Yui Hirasawa wrote:
>>> Signing the installer script would provide only a minor increase in
>>> security (in that it would require the signing key to be compromised,
>>> rather than the nixos.org certificate). I don't object to doing that
>>> though.
>> That is quite a major increase in security actually. Compromising a key
>> that can be kept offline most of the time is a lot harder than obtaining
>> a signed certificate for the nixos.org domain. You do not have to have
>> the original nixos.org certificate to perform a man-in-the-middle attack.
>>
> I agree with this. A key that is trusted itself (rather than trusting a
> domain name) would be a very large security increase.
>
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
