previously on this list Theo de Raadt contributed:
source tree,
Whose fingerprints are available on the website, many of which for years
and are probably in Google's cache available over ssl and many other
corners of the web.
on twitter or google, or anywhere else you like. Ask questions
if
On Wed, Aug 13, 2014, at 04:47 AM, Kevin Chadwick wrote:
It has occurred to me that you have been very good in terms of not
tying the keys in any way to the buying of cds for each
release/snapshot. I donate what I can rather than buy cd's as it is more
efficient but I guess the money goes to a
On Wed, 13 Aug 2014, at 11:38 AM, Theo de Raadt wrote:
One suggestion/request, to make it even harder for the man-in-the-middle
attack to be successfully employed, could the current checksums be posted in
the announcement of the new version?
http://www.openbsd.org/55.html
On 13-08-2014 09:04, Carlin Bingham wrote:
Are there plans to get openbsd.org serving over SSL? That would help a
bit in trusting the keys posted to the website.
No, it wouldn't. If we go down that path, DNSSEC, with all its problems
is better than SSL for this. You can get free ssl
On Thu, 14 Aug 2014, at 12:38 AM, Giancarlo Razzolini wrote:
On 13-08-2014 09:04, Carlin Bingham wrote:
Are there plans to get openbsd.org serving over SSL? That would help a
bit in trusting the keys posted to the website.
No, it wouldn't. If we go down that path, DNSSEC, with all its
On 13-08-2014 09:54, Carlin Bingham wrote:
Of course, but doing all that in addition to getting the keys over SSL
is better than doing all that and not getting the keys over SSL.
I did send this same e-mail you sent almost a year ago. We have signify
now. Things have changed. There is always,
On August 13, 2014 2:04:14 PM CEST, Carlin Bingham c...@viennan.net wrote:
On Wed, 13 Aug 2014, at 11:38 AM, Theo de Raadt wrote:
One suggestion/request, to make it even harder for the
man-in-the-middle attack to be successfully employed, could the current
checksums be posted in the announcement
previously on this list Giancarlo Razzolini contributed:
Are there plans to get openbsd.org serving over SSL? That would help a
bit in trusting the keys posted to the website.
No, it wouldn't. If we go down that path, DNSSEC, with all its problems
is better than SSL for this. You can
On 13-08-2014 11:36, Alexander Hall wrote:
How did you download your browser? Can you trust all certs it uses? Etc
etc...:-p
It can't. Just see the Turktrust/Google case.
So many chickens and eggs here.
Since we are at this, how can you trust your operating system? Your
hardware? Everyone need
On 13-08-2014 10:55, Kevin Chadwick wrote:
Perhaps we should ask Debian or Arch to ask gnupg.org's keyserver to use
a CA signed cert but of course they wouldn't and offer a self-signed I
guess for political reasons or not to trip up those who don't
understand the issues and perhaps that is true
On Wed, 13 Aug 2014 12:19:40 -0300
Giancarlo Razzolini wrote:
Today there is never a need for self-signed certs. You can get them for
free, there's no excuse.
Tell that to gnupg.org, as I say political... but useful going forward
but there are only a few keyservers.
Also if you have a secure
On Wed, 13 Aug 2014 12:19:40 -0300
Giancarlo Razzolini wrote:
Today there is never a need for self-signed certs. You can get them for
free, there's no excuse.
Tell that to gnupg.org, as I say political... but useful going forward
but there are only a few keyservers.
Also if you have
On 13.08.2014 17:11, Giancarlo Razzolini wrote:
On 13-08-2014 11:36, Alexander Hall wrote:
How did you download your browser? Can you trust all certs it uses?
Etc
etc...:-p
It can't. Just see the Turktrust/Google case.
So many chickens and eggs here.
Since we are at this, how can you trust
On Wed, 13 Aug 2014 11:12:21 -0600
Theo de Raadt wrote:
Also if you have a secure method to share the fingerprint then
self-signed are more secure. Personally I would like someone, perhaps
a major browser to create a service where we can login and submit our
fingerprint and
oh, I
Also if you have a secure method to share the fingerprint then
self-signed are more secure. Personally I would like someone, perhaps
a major browser to create a service where we can login and submit our
fingerprint and
oh, I suppose because everything is much safer better when
On 13/08/14 22:13, Eric Furman wrote:
[snip]
The most absolutely best way any one can contribute to OBSD
is to BUY CD'S. Buy some cd's and then buy some more.
Buy them for the stickers. Buy them because they fund OBSD.
Without cd sales OBSD would cease to exist.
It is as simple as that. So,
On Wed, Aug 13, 2014, at 05:36 PM, Worik Stanton wrote:
On 13/08/14 22:13, Eric Furman wrote:
[snip]
The most absolutely best way any one can contribute to OBSD
is to BUY CD'S. Buy some cd's and then buy some more.
Buy them for the stickers. Buy them because they fund OBSD.
Without cd
On Wed, Aug 13, 2014 at 3:52 PM, Eric Furman ericfur...@fastmail.net wrote:
On Wed, Aug 13, 2014, at 05:36 PM, Worik Stanton wrote:
On 13/08/14 22:13, Eric Furman wrote:
[snip]
The most absolutely best way any one can contribute to OBSD
is to BUY CD'S. Buy some cd's and then buy some more.
My understanding of the problem:
(Bear with me. I'm trying not to ramble too much here.)
For catching simple data errors in the download, there is no problem,
of course. The attacker is random chance, so downloading the SHA256
file and comparing the checksums should be sufficient.
The
Checksums? SHA256 files? There are no SHA256 files. Now there are
SHA256.sig files. You are at least 6 months behind the times.
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/signify.1?query=signify&arch=i386
See the EXAMPLES section.
You can visually verify the (very short)
One suggestion/request, to make it even harder for the man-in-the-middle
attack to be successfully employed, could the current checksums be posted in
the announcement of the new version?
http://www.openbsd.org/55.html
signify(1) pubkeys for this release:
base: