As far as packages go, we know how to do signing. At least the technical
part.
The issue is not technical.
As always with distributed authentication schemes.
2007/12/5, Marco Peereboom [EMAIL PROTECTED]:
have you ever wondered why openbsd doesn't do binary updates?
And what are package updates?
Does pkg_add -u even check an e.g. md5 or does it trust the server?
Best
Martin
On Thu, Dec 06, 2007 at 12:37:19PM +0800, Lars Hansson wrote:
On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the
On Wed, Dec 05, 2007 at 02:23:41PM -0600, Marco Peereboom wrote:
blah blah blah
have you ever wondered why openbsd doesn't do binary updates?
I'm not talking about updates, I can read C.
maybe you are now going to be able to figure out why we don't need
complex signing mechanisms.
You're
Hi!
On Wed, Dec 05, 2007 at 12:15:01PM -0500, bofh wrote:
On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote:
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community? Knowing that xyz binary is signed by OpenBSD for
distribution or abc email came from
Hi!
On Wed, Dec 05, 2007 at 01:24:49PM -0700, Bob Beck wrote:
If you want a secure binary. buy an official CD.. This is
what most people do. PKI requires infrastructure that would cost OpenBSD
money and developer time. Official CD's keep OpenBSD alive.
Doesn't help you if you want fixes
Hi!
On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote:
[...]
You know, you're descending into a recursive loop of if, if, if... and
it never ends. OF COURSE if someone breaks into the site they could
do things--once you've lost control of your site all bets are off. I dare
say that
Hannah Schroeter wrote:
...
As the talk about those online surveillance plans includes talk about
tailored attacks for each victim, they could investigate which OS one
uses and which ways of updating, so they could tailor their attack
vector appropriately.
...
Some of this is mitigated in
On 2007/12/06 13:12, Lars Noodin wrote:
If the installation process (from the purchased CDs) had a list of the
public keys for the official mirror sites, then that would go a long
way.
That would make it rather hard to revoke a key if there ever
was a problem.
Hi!
On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote:
On 2007/12/06 13:12, Lars Noodin wrote:
If the installation process (from the purchased CDs) had a list of the
public keys for the official mirror sites, then that would go a long
way.
That would make it rather hard to
Hi!
On Thu, Dec 06, 2007 at 01:12:02PM +0200, Lars Noodin wrote:
Hannah Schroeter wrote:
...
As the talk about those online surveillance plans includes talk about
tailored attacks for each victim, they could investigate which OS one
uses and which ways of updating, so they could tailor their
Hannah Schroeter wrote:
...
AFS is also encrypted, but unless its used to
get all the tarballs and make them accessible locally (e.g. make a cd)
it's not a help during the installation.
I don't know enough about AFS to say anything about how to secure it
from the beginning on.
I'm not
At this point, it's probably a good idea to point out there's a paper
called Trusting Trust about your everyday C compiler...
On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote:
Hannah Schroeter wrote:
...
AFS is also encrypted, but unless its used to
get all the tarballs and make them
On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
One risk would be the plans of online surveillance of computers e.g.
in Germany. One way to install surveillance even on OpenBSD would be to
actively interfere with the internet connection with the surveilled
person, in the
bofh wrote:
At this point, it's probably a good idea to point out there's a paper
called Trusting Trust about your everyday C compiler...
Yeah. It recently disappeared from the ACM's web site after 11+ years
of availability:
http://www.acm.org/classics/oct95/
There is, fortunately, the
Douglas A. Tutty wrote:
Using software from any source without interference from an
all-pervasive government is a very special,...
It's not all about governments. Corporate espionage is probably a
larger, more active threat, especially to OpenBSD.
cui bono?
If we assume for the sake
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
Just need to make sure there're some mountains around for Theo to go
climb. If you live on a flatland, then, sorry, you're doomed.
On 12/6/07, Douglas A. Tutty
That's why I always hand enter, in binary, by toggling switches on the
front of my box[1] when I start a new system.
[1]. What, you never pressed the power button
On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote:
bofh wrote:
At this point, it's probably a good idea to point out there's a
hitler already
On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Nood??n wrote:
Douglas A. Tutty wrote:
Using software from any source without interference from an
all-pervasive government is a very special,...
It's not all about governments. Corporate espionage is probably a
larger, more
On Thu, Dec 06, 2007 at 09:08:56AM -0600, Marco Peereboom wrote:
hitler already
Here is yours :
++
| 1 Godwin point |
++
Bye
--
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ;
yes ; fsck ; umount ; sleep
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.
It's not really OpenBSD's problem that some companies implement pointless
security policies.
I'm not discussing wether its
On 06 NN5N: 2007, at 5:39 NN, bofh wrote:
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
And how would you know that it is indeed Theo and not someone that
looks like him? I think that blood samples and
Code signing by blood. ISAGN.
Sorry marc - had to do it
On 12/6/07, Jeff I. Ragland [EMAIL PROTECTED] wrote:
On 06 Dej 2007, at 5:39 LL, bofh wrote:
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
And
On Thu, Dec 06, 2007 at 09:39:35AM -0600, bofh wrote:
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
He doesn't have to bring the CDs, just in the speach give the MD5 (or
other more secure [sha?} sum for an
On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Nood??n wrote:
Douglas A. Tutty wrote:
Using software from any source without interference from an
all-pervasive government is a very special,...
It's not all about governments. Corporate espionage is probably a
larger, more active threat,
Hi!
On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote:
On 2007/12/06 13:12, Lars Noodin wrote:
If the installation process (from the purchased CDs) had a list of the
public keys for the official mirror sites, then that would go a long
way.
That would make it rather hard to
bofh wrote:
Code signing by blood. ISAGN.
Sorry marc - had to do it
what if theo is a person of interest, has his endpoint surveilled and
his key and passphrase are compromised? if somebody stole a pint of
blood, that could go a long way in your proposed plan...
short of having a
Ted Unangst wrote:
give it a rest guys.
Ted says everything is ok. We can pack up and call it a day, knowing
that everything's settled once and for all.
Seriously, if the process has been already worked out, then point to
where it is written up. Maybe we're not looking in the right part of
give it a rest guys.
has anyone ever actually been the victim of some
government/corporate/the man attack where they slipped trojan
openbsd binaries to you?
do you have any idea how hard it really is to mount such an attack?
without being detected? and what's the trojan going to do? copy all
Since this thread is both TOP and BOTTOM posted, I am going UPPER MIDDLE post.
bofh wrote:
Code signing by blood. ISAGN.
Sorry marc - had to do it
what if theo is a person of interest, has his endpoint surveilled and
his key and passphrase are compromised? if somebody stole a pint
On Thu, 6 Dec 2007 09:51:16 -0500, Douglas A. Tutty
[EMAIL PROTECTED] said:
Personally, if this thread is to continue, I would like to see it move
from a Why doesn't OpenBSD do things this way? to a What are the
threat models for OpenBSD identity theft and how can we protect
ourselves?.
do you have any idea how hard it really is to mount such an attack?
without being detected? and what's the trojan going to do? copy all
your secrets to their national citizen oppression center? how do they
get their nefarious packets through your firewall without notice?
Of course
HITLER AND MORE HITLER
On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Nood??n wrote:
Ted Unangst wrote:
give it a rest guys.
Ted says everything is ok. We can pack up and call it a day, knowing
that everything's settled once and for all.
Seriously, if the process has been already
there seems to be a fine, pink mist in the air. some time ago
the matter comprising this mist was a live and healthy horse.
On Thu, Dec 06, 2007 at 12:39:39PM -0600, Marco Peereboom wrote:
HITLER AND MORE HITLER
On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Nood??n wrote:
Ted Unangst
Ok. So Christopher, Marco, and Ted have spoken up to inform the list
that they do not know an answer.
Christopher Linn wrote:
there seems to be a fine, pink mist in the air. ...
To be sure the topic has been covered earlier, but
just where are there relevant message archives, presentations or
On Thursday 06 December 2007 05:52:46 Hannah Schroeter wrote:
Hi!
On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote:
[...]
You know, you're descending into a recursive loop of if, if, if... and
it never ends. OF COURSE if someone breaks into the site they could
do things--once
On Thu, Dec 06, 2007 at 09:39:59PM +0200, Lars Nood??n wrote:
Ok. So Christopher, Marco, and Ted have spoken up to inform the list
that they do not know an answer.
You can't possibly be this dense. Let me try to spell it out. YOU see
an issue WE don't. That makes YOU responsible for fixing
IT buddies
to use it!!!
All the best,
A guy who claims to be Brad Tilley :)
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14204037
Sent from the openbsd user - misc mailing list archive at Nabble.com.
Paranoia is a disease... it distorts your thinking and your logical
faculty. I'd be more concerned about THAT if I were in your position.
It's stupid to rework the infrastructure to support signing,
especially considering the benefits (none.) Plus, you have to trust
the OpenBSD developers
communication, etc.
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498
Sent from the openbsd user - misc mailing list archive at Nabble.com.
On 12/5/07, Lars Hansson [EMAIL PROTECTED] wrote:
On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote:
I've searched OpenBSD.org and google for source code signing practices in
OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
curious about this... is the process
, I just want to understand.
Especially since everyone else seems to do it. FreeBSD, NetBSD, Linux
Kernel, etc... they all employ some sort of PKI mechanism... so how does
OpenBSD handle these sort of things?
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207
On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote:
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community? Knowing that xyz binary is signed by OpenBSD for
distribution or abc email came from an official OpenBSD source is a good
thing. Trojaned
Ah, my apologies. I was looking at the wrong thing. No further comment.
On Dec 5, 2007 6:18 PM, Brad Tilley [EMAIL PROTECTED] wrote:
Wow, my surprise grows... I shall no longer add to this thread... Bye now.
http://www.kernel.org/signature.html
http://www.freebsd.org/doc/pgpkeyring.txt
*
it. FreeBSD, NetBSD, Linux
Kernel, etc... they all employ some sort of PKI mechanism... so how does
OpenBSD handle these sort of things?
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001
Sent from the openbsd user - misc mailing list
PROTECTED] 0x4C92D93D 20481997/10/16
Never
Bruce Schneier [EMAIL PROTECTED] 0x7EDE4C65 10241995/09/26
Never
Look him and his company Counterpane up yourself:
http://keyserver.veridis.com:11371/
--
View this message in context:
http://www.nabble.com/Code-signing
On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote:
I'm surprised that OpenBSD (the most secure OS I know of)
does not use it, that's all I'm saying. I also thought there would be a real
reason for not doing so and there may in fact be and I may just be unaware
of it.
OpenBSD
Wow, my surprise grows... I shall no longer add to this thread... Bye now.
http://www.kernel.org/signature.html
http://www.freebsd.org/doc/pgpkeyring.txt
* One example of a signed Linux Kernel path... there are many others:
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-2.6.9.sign
* One
On 12/5/07, new_guy [EMAIL PROTECTED] wrote:
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community?
yes.
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community? Knowing that xyz binary is signed by OpenBSD for
distribution or abc email came from an official OpenBSD source is a good
thing. Trojaned binaries and forged emails happen. PKI can help mitigate
this.
On Dec 5, 2007 12:41 PM, new_guy [EMAIL PROTECTED] wrote:
BOFH-5 wrote:
Would you consider Bruce Schneier to be knowledgeable about PKI? Have you
read:
http://www.schneier.com/paper-pki.html
Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys
as you seem to.
On 12/5/07, new_guy [EMAIL PROTECTED] wrote:
Harpalus a Como wrote:
What is the benefit of doing so? What's the point? Is the website so
likely
to be hacked into, that the developers need to sign all communication just
to ensure that it comes from them? There's absolutely no need to
saying. I also thought there would be a real
reason for not doing so and there may in fact be and I may just be unaware
of it.
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339
Sent from the openbsd user - misc mailing list archive
On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.
sign it yourself, then download it. problem solved.
On Wed, 5 Dec 2007 08:46:16 -0800 (PST), new_guy wrote:
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community? Knowing that xyz binary is signed by OpenBSD for
distribution or abc email came from an official OpenBSD source is a good
thing. Trojaned binaries
Yes, that's what I gathered was meant. Going into PKI and code signing,
however, I assumed he meant signing and verifying the underlying source
code, and navigating the trees, I haven't noticed that.
Evidently he meant signing binary packages. In that case, I can kind of
understand the
On Dec 5, 2007, at 7:46 PM, Rui Miguel Silva Seabra wrote:
I don't see what is the problem with blessing a fingerprint of the
binaries with a PKI signature, which would mean that *these* are the
binaries the devs intended to release.
Who would sign the binaries?
Would each package maintainer
If you want a secure binary. buy an official CD.. This is
what most people do. PKI requires infrastructure that would cost OpenBSD
money and developer time. Official CD's keep OpenBSD alive.
Oh wait, we should devote resources to people who care about
security, just not enough
On Dec 5, 2007 2:23 PM, Ted Unangst [EMAIL PROTECTED] wrote:
On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.
blah blah blah
have you ever wondered why openbsd doesn't do binary updates?
maybe you are now going to be able to figure out why we don't need
complex signing mechanisms.
On Wed, Dec 05, 2007 at 06:46:01PM +, Rui Miguel Silva Seabra wrote:
On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick
On 12/5/07, bofh [EMAIL PROTECTED] wrote:
Why, I tell you, if you can just make openbsd more like windows,
you'll get a lot more users Don't you care about
market share? (Cue Theo's story about the VC who tried to dotcom-ize
openbsd :-))
Oh? What story is that? I can't
-signing-in-OpenBSD-tf4947207.html#a14180803
Sent from the openbsd user - misc mailing list archive at Nabble.com.
--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet
to digitally
sign my donation ;) I could just be impersonating that person. How is that
for irony? I'll go away now.
Thanks,
Brad
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803
Sent from the openbsd user - misc mailing list archive
critical of OpenBSD (I love it and buy CDs) just curious as to the reasoning
for not using pgp/gpg keys to sign stuff, secure communication, etc.
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498
Sent from the openbsd user - misc mailing
On Wed, Dec 05, 2007, STeve Andre' wrote:
Yes, one can dismiss the benefits. Think about what an MD5 (or any
other cyptographic) checksum means. If the OpenBSD site publishes
that list, how does something more complicated help?
Answer: it doesn't.
Wrong.
If someone cracks a website, then
On Wednesday, 05.12.2007 at 17:59 +, Kevin Stam wrote:
For one thing, I think you're quite confused. Unless I'm missing
something, I'm not noticing the FreeBSD, NetBSD, Linux kernel
developers signing their code, or doing anything particularly
differently from the OpenBSD developers.
On Wed, Dec 05, 2007 at 11:23:28AM -0800, Ted Unangst wrote:
On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.
Claus Assmann wrote:
Wrong.
If someone cracks a website, then he can put up a modified binary
and a modified MD5 checksum.
This is silly. You mean that you get the checksums and the
associated binaries from the *SAME* website?
On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote:
Claus Assmann wrote:
Wrong.
If someone cracks a website, then he can put up a modified binary
and a modified MD5 checksum.
This is silly. You mean that you get the checksums and the
associated binaries from the *SAME*
On Wednesday 05 December 2007 11:46:16 new_guy wrote:
Harpalus a Como wrote:
What is the benefit of doing so? What's the point? Is the website so
likely
to be hacked into, that the developers need to sign all communication
just to ensure that it comes from them? There's absolutely no need
On Wed, Dec 05, 2007 at 08:46:16AM -0800, new_guy wrote:
Can you dismiss PKI
Seems they do.
The problem of signing code does not remove the problem
of checking the signature.
When you sign code and when you ask developers to do so,
they need to own some private key which will let you check
on
On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:
On Wed, Dec 05, 2007, STeve Andre' wrote:
Yes, one can dismiss the benefits. Think about what an MD5 (or any
other cyptographic) checksum means. If the OpenBSD site publishes
that list, how does something more complicated help?
bofh wrote:
On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote:
Claus Assmann wrote:
Wrong.
If someone cracks a website, then he can put up a modified binary
and a modified MD5 checksum.
This is silly. You mean that you get the checksums and the
associated
But, my god, you're asking people to do actual work? Goddamn it, you
aren't doing your bit to improve the ease of use of people using
openbsd. Where's the one click gui to install everything that I want
(but only what I want and nothing more!)? It is positively
embarassing that I have to use a
On Thu, 06 Dec 2007 02:35:38 +0100, Gilbert Fernandes
[EMAIL PROTECTED] wrote:
Signing the hashes could help but you do know very few
people are really going to check those.
Or you pull the MD5s from another source than your packages,
not bloody likely that the two different sites you've
On Thu, Dec 06, 2007 at 04:03:48AM +0100, Linus Sw?las wrote:
Or you pull the MD5s from another source than your packages,
not bloody likely that the two different sites you've selected
for download has both been hacked.
This does not protect against the master site being owned though,
On Wed, Dec 05, 2007, STeve Andre' wrote:
On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:
Someone actually did the former with sendmail.org (to distribute a
version of sendmail with a backdoor). The problem was only noted
because users checked the (digital) signature.
You
On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.
It's not really OpenBSD's problem that some companies
On Wed, Dec 05, 2007 at 07:02:03PM -0800, Claus Assmann wrote:
On Wed, Dec 05, 2007, STeve Andre' wrote:
On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:
Someone actually did the former with sendmail.org (to distribute a
version of sendmail with a backdoor). The problem was
I've searched OpenBSD.org and google for source code signing practices in
OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
curious about this... is the process described someplace?
--
View this message in context:
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html
On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote:
I've searched OpenBSD.org and google for source code signing practices in
OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
curious about this... is the process described someplace?
No. OpenBSD doesn't sign code
81 matches
Mail list logo