Kurt Zeilenga wrote: > For instance, web_ldap says it provides a signature for a digital > release, but clicking on the link provides a page which says "Not > found".
I knew this (transition during a major OS update on my local machine). It's fixed. > But, as I noted with hashes, the fact that release messages are widely > published may make it more likely that such problems will be detected. Hashes have to be validated out-of-band each time a new release is published. The trusted keys be have to be validated out-of-band only each time a new trust anchor key is generated. > For instance, one does need to consider that > the host to sign the releases might itself been taken over and the > implications of such a takeover. There is no 100% security. I already know this. But raising security level is always an desirable goal. > Anyways, for this to go anywhere, I think you or others advocating it > need to more precisely state which attacks you concerned about, how you > think digital signatures will help, and detail requirements on that > signing (in particular, requirements on signing key so trust can be > established and maintained). I have no objections against a single release manager using his personal key or a dedicated key for OpenLDAP tar.gz signing stored in your local file system reasonably protected by a passphrase. As I see it you're the only one packaging the tar.gz. So this should not be too difficult for you. Well, if you don't want to do that then just leave it... > Note that these are human-factor attacks, not attacks based upon any > weakness in the PGP signing standards or implementations. I already know that. Ciao, Michael.
