Re: Code signing in OpenBSD

As far as packages go, we know how to do signing. At least the technical part. The issue is not technical. As always with distributed authentication schemes.

Re: Code signing in OpenBSD

2007/12/5, Marco Peereboom [EMAIL PROTECTED]: have you ever wondered why openbsd doesn't do binary updates? And what are package updates? Does pkg_add -u even check an e.g. md5 or does it trust the server? Best Martin

Re: Code signing in OpenBSD

On Thu, Dec 06, 2007 at 12:37:19PM +0800, Lars Hansson wrote: On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the

Re: Code signing in OpenBSD

On Wed, Dec 05, 2007 at 02:23:41PM -0600, Marco Peereboom wrote: blah blah blah have you ever wondered why openbsd doesn't do binary updates? I'm not talking about updates, I can read C. maybe you are now going to be able to figure out why we don't need complex signing mechanisms. You're

Re: Code signing in OpenBSD

Hi! On Wed, Dec 05, 2007 at 12:15:01PM -0500, bofh wrote: On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote: Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from

Re: Code signing in OpenBSD

Hi! On Wed, Dec 05, 2007 at 01:24:49PM -0700, Bob Beck wrote: If you want a secure binary. buy an official CD.. This is what most people do. PKI requires infrastructure that would cost OpenBSD money and developer time. Official CD's keep OpenBSD alive. Doesn't help you if you want fixes

Re: Code signing in OpenBSD

Hi! On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote: [...] You know, you're descending into a recursive loop of if, if, if... and it never ends. OF COURSE if someone breaks into the site they could do things--once you've lost control of your site all bets are off. I dare say that

Re: Code signing in OpenBSD

Hannah Schroeter wrote: ... As the talk about those online surveillance plans includes talk about tailored attacks for each victim, they could investigate which OS one uses and which ways of updating, so they could tailor their attack vector appropriately. ... Some of this is mitigated in

Re: Code signing in OpenBSD

On 2007/12/06 13:12, Lars Noodin wrote: If the installation process (from the purchased CDs) had a list of the public keys for the official mirror sites, then that would go a long way. That would make it rather hard to revoke a key if there ever was a problem.

Re: Code signing in OpenBSD

Hi! On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote: On 2007/12/06 13:12, Lars Noodin wrote: If the installation process (from the purchased CDs) had a list of the public keys for the official mirror sites, then that would go a long way. That would make it rather hard to

Re: Code signing in OpenBSD

Hi! On Thu, Dec 06, 2007 at 01:12:02PM +0200, Lars Noodin wrote: Hannah Schroeter wrote: ... As the talk about those online surveillance plans includes talk about tailored attacks for each victim, they could investigate which OS one uses and which ways of updating, so they could tailor their

Re: Code signing in OpenBSD

Hannah Schroeter wrote: ... AFS is also encrypted, but unless its used to get all the tarballs and make them accessible locally (e.g. make a cd) it's not a help during the installation. I don't know enough about AFS to say anything about how to secure it from the beginning on. I'm not

Re: Code signing in OpenBSD

At this point, it's probably a good idea to point out there's a paper called Trusting Trust about your everyday C compiler... On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote: Hannah Schroeter wrote: ... AFS is also encrypted, but unless its used to get all the tarballs and make them

Re: Code signing in OpenBSD

On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote: One risk would be the plans of online surveillance of computers e.g. in Germany. One way to install surveillance even on OpenBSD would be to actively interfere with the internet connection with the surveilled person, in the

Re: Code signing in OpenBSD

bofh wrote: At this point, it's probably a good idea to point out there's a paper called Trusting Trust about your everyday C compiler... Yeah. It recently disappeared from the ACM's web site after 11+ years of availability: http://www.acm.org/classics/oct95/ There is, fortunately, the

Re: Code signing in OpenBSD

Douglas A. Tutty wrote: Using software from any source without interference from an all-pervasive government is a very special,... It's not all about governments. Corporate espionage is probably a larger, more active threat, especially to OpenBSD. cui bono? If we assume for the sake

Re: Code signing in OpenBSD

You forgot one option. Invite Theo to give a talk, and ask him to bring the CDs. If you can't trust Theo's CDs, all hope is lost. Just need to make sure there're some mountains around for Theo to go climb. If you live on a flatland, then, sorry, you're doomed. On 12/6/07, Douglas A. Tutty

Re: Code signing in OpenBSD

That's why I always hand enter, in binary, by toggling switches on the front of my box[1] when I start a new system. [1]. What, you never pressed the power button On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote: bofh wrote: At this point, it's probably a good idea to point out there's a

Re: Code signing in OpenBSD

hitler already On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Nood??n wrote: Douglas A. Tutty wrote: Using software from any source without interference from an all-pervasive government is a very special,... It's not all about governments. Corporate espionage is probably a larger, more

Re: Code signing in OpenBSD

On Thu, Dec 06, 2007 at 09:08:56AM -0600, Marco Peereboom wrote: hitler already Here is yours : ++ | 1 Godwin point | ++ Bye -- unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ; yes ; fsck ; umount ; sleep

Re: Code signing in OpenBSD

Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet. It's not really OpenBSD's problem that some companies implement pointless security policies. I'm not discussing wether its

Re: Code signing in OpenBSD

On 06 NN5N: 2007, at 5:39 NN, bofh wrote: You forgot one option. Invite Theo to give a talk, and ask him to bring the CDs. If you can't trust Theo's CDs, all hope is lost. And how would you know that it is indeed Theo and not someone that looks like him? I think that blood samples and

Re: Code signing in OpenBSD

Code signing by blood. ISAGN. Sorry marc - had to do it On 12/6/07, Jeff I. Ragland [EMAIL PROTECTED] wrote: On 06 Dej 2007, at 5:39 LL, bofh wrote: You forgot one option. Invite Theo to give a talk, and ask him to bring the CDs. If you can't trust Theo's CDs, all hope is lost. And

Re: Code signing in OpenBSD

On Thu, Dec 06, 2007 at 09:39:35AM -0600, bofh wrote: You forgot one option. Invite Theo to give a talk, and ask him to bring the CDs. If you can't trust Theo's CDs, all hope is lost. He doesn't have to bring the CDs, just in the speach give the MD5 (or other more secure [sha?} sum for an

Re: Code signing in OpenBSD

On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Nood??n wrote: Douglas A. Tutty wrote: Using software from any source without interference from an all-pervasive government is a very special,... It's not all about governments. Corporate espionage is probably a larger, more active threat,

Re: Code signing in OpenBSD

Hi! On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote: On 2007/12/06 13:12, Lars Noodin wrote: If the installation process (from the purchased CDs) had a list of the public keys for the official mirror sites, then that would go a long way. That would make it rather hard to

Re: Code signing in OpenBSD

bofh wrote: Code signing by blood. ISAGN. Sorry marc - had to do it what if theo is a person of interest, has his endpoint surveilled and his key and passphrase are compromised? if somebody stole a pint of blood, that could go a long way in your proposed plan... short of having a

Re: Code signing in OpenBSD

Ted Unangst wrote: give it a rest guys. Ted says everything is ok. We can pack up and call it a day, knowing that everything's settled once and for all. Seriously, if the process has been already worked out, then point to where it is written up. Maybe we're not looking in the right part of

Re: Code signing in OpenBSD

give it a rest guys. has anyone ever actually been the victim of some government/corporate/the man attack where they slipped trojan openbsd binaries to you? do you have any idea how hard it really is to mount such an attack? without being detected? and what's the trojan going to do? copy all

Re: Code signing in OpenBSD

Since this thread is both TOP and BOTTOM posted, I am going UPPER MIDDLE post. bofh wrote: Code signing by blood. ISAGN. Sorry marc - had to do it what if theo is a person of interest, has his endpoint surveilled and his key and passphrase are compromised? if somebody stole a pint

Re: Code signing in OpenBSD

On Thu, 6 Dec 2007 09:51:16 -0500, Douglas A. Tutty [EMAIL PROTECTED] said: Personally, if this thread is to continue, I would like to see it move from a Why doesn't OpenBSD do things this way? to a What are the threat models for OpenBSD identity theft and how can we protect ourselves?.

Re: Code signing in OpenBSD

do you have any idea how hard it really is to mount such an attack? without being detected? and what's the trojan going to do? copy all your secrets to their national citizen oppression center? how do they get their nefarious packets through your firewall without notice? Of course

Re: Code signing in OpenBSD

HITLER AND MORE HITLER On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Nood??n wrote: Ted Unangst wrote: give it a rest guys. Ted says everything is ok. We can pack up and call it a day, knowing that everything's settled once and for all. Seriously, if the process has been already

Re: Code signing in OpenBSD

there seems to be a fine, pink mist in the air. some time ago the matter comprising this mist was a live and healthy horse. On Thu, Dec 06, 2007 at 12:39:39PM -0600, Marco Peereboom wrote: HITLER AND MORE HITLER On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Nood??n wrote: Ted Unangst

Re: Code signing in OpenBSD

Ok. So Christopher, Marco, and Ted have spoken up to inform the list that they do not know an answer. Christopher Linn wrote: there seems to be a fine, pink mist in the air. ... To be sure the topic has been covered earlier, but just where are there relevant message archives, presentations or

Re: Code signing in OpenBSD

On Thursday 06 December 2007 05:52:46 Hannah Schroeter wrote: Hi! On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote: [...] You know, you're descending into a recursive loop of if, if, if... and it never ends. OF COURSE if someone breaks into the site they could do things--once

Re: Code signing in OpenBSD

On Thu, Dec 06, 2007 at 09:39:59PM +0200, Lars Nood??n wrote: Ok. So Christopher, Marco, and Ted have spoken up to inform the list that they do not know an answer. You can't possibly be this dense. Let me try to spell it out. YOU see an issue WE don't. That makes YOU responsible for fixing

Re: Code signing in OpenBSD

IT buddies to use it!!! All the best, A guy who claims to be Brad Tilley :) -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14204037 Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Code signing in OpenBSD

Paranoia is a disease... it distorts your thinking and your logical faculty. I'd be more concerned about THAT if I were in your position. It's stupid to rework the infrastructure to support signing, especially considering the benefits (none.) Plus, you have to trust the OpenBSD developers

Re: Code signing in OpenBSD

communication, etc. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498 Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Code signing in OpenBSD

On 12/5/07, Lars Hansson [EMAIL PROTECTED] wrote: On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote: I've searched OpenBSD.org and google for source code signing practices in OpenBSD, nothing obvious stands out. I've probably overlooked it. Just curious about this... is the process

Re: Code signing in OpenBSD

, I just want to understand. Especially since everyone else seems to do it. FreeBSD, NetBSD, Linux Kernel, etc... they all employ some sort of PKI mechanism... so how does OpenBSD handle these sort of things? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207

Re: Code signing in OpenBSD

On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote: Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned

Re: Code signing in OpenBSD

Ah, my apologies. I was looking at the wrong thing. No further comment. On Dec 5, 2007 6:18 PM, Brad Tilley [EMAIL PROTECTED] wrote: Wow, my surprise grows... I shall no longer add to this thread... Bye now. http://www.kernel.org/signature.html http://www.freebsd.org/doc/pgpkeyring.txt *

Re: Code signing in OpenBSD

it. FreeBSD, NetBSD, Linux Kernel, etc... they all employ some sort of PKI mechanism... so how does OpenBSD handle these sort of things? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001 Sent from the openbsd user - misc mailing list

Re: Code signing in OpenBSD

PROTECTED] 0x4C92D93D 20481997/10/16 Never Bruce Schneier [EMAIL PROTECTED] 0x7EDE4C65 10241995/09/26 Never Look him and his company Counterpane up yourself: http://keyserver.veridis.com:11371/ -- View this message in context: http://www.nabble.com/Code-signing

Re: Code signing in OpenBSD

On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote: I'm surprised that OpenBSD (the most secure OS I know of) does not use it, that's all I'm saying. I also thought there would be a real reason for not doing so and there may in fact be and I may just be unaware of it. OpenBSD

Re: Code signing in OpenBSD

Wow, my surprise grows... I shall no longer add to this thread... Bye now. http://www.kernel.org/signature.html http://www.freebsd.org/doc/pgpkeyring.txt * One example of a signed Linux Kernel path... there are many others: ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-2.6.9.sign * One

Re: Code signing in OpenBSD

On 12/5/07, new_guy [EMAIL PROTECTED] wrote: Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? yes.

Re: Code signing in OpenBSD

Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned binaries and forged emails happen. PKI can help mitigate this.

Re: Code signing in OpenBSD

On Dec 5, 2007 12:41 PM, new_guy [EMAIL PROTECTED] wrote: BOFH-5 wrote: Would you consider Bruce Schneier to be knowledgeable about PKI? Have you read: http://www.schneier.com/paper-pki.html Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys as you seem to.

Re: Code signing in OpenBSD

On 12/5/07, new_guy [EMAIL PROTECTED] wrote: Harpalus a Como wrote: What is the benefit of doing so? What's the point? Is the website so likely to be hacked into, that the developers need to sign all communication just to ensure that it comes from them? There's absolutely no need to

Re: Code signing in OpenBSD

saying. I also thought there would be a real reason for not doing so and there may in fact be and I may just be unaware of it. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339 Sent from the openbsd user - misc mailing list archive

Re: Code signing in OpenBSD

On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet. sign it yourself, then download it. problem solved.

Re: Code signing in OpenBSD

On Wed, 5 Dec 2007 08:46:16 -0800 (PST), new_guy wrote: Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned binaries

Re: Code signing in OpenBSD

Yes, that's what I gathered was meant. Going into PKI and code signing, however, I assumed he meant signing and verifying the underlying source code, and navigating the trees, I haven't noticed that. Evidently he meant signing binary packages. In that case, I can kind of understand the

Re: Code signing in OpenBSD

On Dec 5, 2007, at 7:46 PM, Rui Miguel Silva Seabra wrote: I don't see what is the problem with blessing a fingerprint of the binaries with a PKI signature, which would mean that *these* are the binaries the devs intended to release. Who would sign the binaries? Would each package maintainer

Re: Code signing in OpenBSD

If you want a secure binary. buy an official CD.. This is what most people do. PKI requires infrastructure that would cost OpenBSD money and developer time. Official CD's keep OpenBSD alive. Oh wait, we should devote resources to people who care about security, just not enough

Re: Code signing in OpenBSD

On Dec 5, 2007 2:23 PM, Ted Unangst [EMAIL PROTECTED] wrote: On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet.

Re: Code signing in OpenBSD

blah blah blah have you ever wondered why openbsd doesn't do binary updates? maybe you are now going to be able to figure out why we don't need complex signing mechanisms. On Wed, Dec 05, 2007 at 06:46:01PM +, Rui Miguel Silva Seabra wrote: On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick

Re: Code signing in OpenBSD

On 12/5/07, bofh [EMAIL PROTECTED] wrote: Why, I tell you, if you can just make openbsd more like windows, you'll get a lot more users Don't you care about market share? (Cue Theo's story about the VC who tried to dotcom-ize openbsd :-)) Oh? What story is that? I can't

Re: Code signing in OpenBSD

-signing-in-OpenBSD-tf4947207.html#a14180803 Sent from the openbsd user - misc mailing list archive at Nabble.com. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet

Re: Code signing in OpenBSD

to digitally sign my donation ;) I could just be impersonating that person. How is that for irony? I'll go away now. Thanks, Brad -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803 Sent from the openbsd user - misc mailing list archive

Re: Code signing in OpenBSD

critical of OpenBSD (I love it and buy CDs) just curious as to the reasoning for not using pgp/gpg keys to sign stuff, secure communication, etc. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498 Sent from the openbsd user - misc mailing

Re: Code signing in OpenBSD

On Wed, Dec 05, 2007, STeve Andre' wrote: Yes, one can dismiss the benefits. Think about what an MD5 (or any other cyptographic) checksum means. If the OpenBSD site publishes that list, how does something more complicated help? Answer: it doesn't. Wrong. If someone cracks a website, then

Re: Code signing in OpenBSD

On Wednesday, 05.12.2007 at 17:59 +, Kevin Stam wrote: For one thing, I think you're quite confused. Unless I'm missing something, I'm not noticing the FreeBSD, NetBSD, Linux kernel developers signing their code, or doing anything particularly differently from the OpenBSD developers.

Re: Code signing in OpenBSD

On Wed, Dec 05, 2007 at 11:23:28AM -0800, Ted Unangst wrote: On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet.

Re: Code signing in OpenBSD

Claus Assmann wrote: Wrong. If someone cracks a website, then he can put up a modified binary and a modified MD5 checksum. This is silly. You mean that you get the checksums and the associated binaries from the *SAME* website?

Re: Code signing in OpenBSD

On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote: Claus Assmann wrote: Wrong. If someone cracks a website, then he can put up a modified binary and a modified MD5 checksum. This is silly. You mean that you get the checksums and the associated binaries from the *SAME*

Re: Code signing in OpenBSD

On Wednesday 05 December 2007 11:46:16 new_guy wrote: Harpalus a Como wrote: What is the benefit of doing so? What's the point? Is the website so likely to be hacked into, that the developers need to sign all communication just to ensure that it comes from them? There's absolutely no need

Re: Code signing in OpenBSD

On Wed, Dec 05, 2007 at 08:46:16AM -0800, new_guy wrote: Can you dismiss PKI Seems they do. The problem of signing code does not remove the problem of checking the signature. When you sign code and when you ask developers to do so, they need to own some private key which will let you check on

Re: Code signing in OpenBSD

On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote: On Wed, Dec 05, 2007, STeve Andre' wrote: Yes, one can dismiss the benefits. Think about what an MD5 (or any other cyptographic) checksum means. If the OpenBSD site publishes that list, how does something more complicated help?

Re: Code signing in OpenBSD

bofh wrote: On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote: Claus Assmann wrote: Wrong. If someone cracks a website, then he can put up a modified binary and a modified MD5 checksum. This is silly. You mean that you get the checksums and the associated

Re: Code signing in OpenBSD

But, my god, you're asking people to do actual work? Goddamn it, you aren't doing your bit to improve the ease of use of people using openbsd. Where's the one click gui to install everything that I want (but only what I want and nothing more!)? It is positively embarassing that I have to use a

Re: Code signing in OpenBSD

On Thu, 06 Dec 2007 02:35:38 +0100, Gilbert Fernandes [EMAIL PROTECTED] wrote: Signing the hashes could help but you do know very few people are really going to check those. Or you pull the MD5s from another source than your packages, not bloody likely that the two different sites you've

Re: Code signing in OpenBSD

On Thu, Dec 06, 2007 at 04:03:48AM +0100, Linus Sw?las wrote: Or you pull the MD5s from another source than your packages, not bloody likely that the two different sites you've selected for download has both been hacked. This does not protect against the master site being owned though,

Re: Code signing in OpenBSD

On Wed, Dec 05, 2007, STeve Andre' wrote: On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote: Someone actually did the former with sendmail.org (to distribute a version of sendmail with a backdoor). The problem was only noted because users checked the (digital) signature. You

Re: Code signing in OpenBSD

On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet. It's not really OpenBSD's problem that some companies

Re: Code signing in OpenBSD

On Wed, Dec 05, 2007 at 07:02:03PM -0800, Claus Assmann wrote: On Wed, Dec 05, 2007, STeve Andre' wrote: On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote: Someone actually did the former with sendmail.org (to distribute a version of sendmail with a backdoor). The problem was

Code signing in OpenBSD

I've searched OpenBSD.org and google for source code signing practices in OpenBSD, nothing obvious stands out. I've probably overlooked it. Just curious about this... is the process described someplace? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html

Re: Code signing in OpenBSD

On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote: I've searched OpenBSD.org and google for source code signing practices in OpenBSD, nothing obvious stands out. I've probably overlooked it. Just curious about this... is the process described someplace? No. OpenBSD doesn't sign code