Re: Code signing in OpenBSD

2007-12-07 Thread Marc Espie
As far as packages go, we know how to do signing. At least the technical 
part.  

The issue is not technical.

As always with distributed authentication schemes.



Re: Code signing in OpenBSD

2007-12-06 Thread Martin Schröder
2007/12/5, Marco Peereboom [EMAIL PROTECTED]:
 have you ever wondered why openbsd doesn't do binary updates?

And what are package updates?

Does pkg_add -u even check an e.g. md5 or does it trust the server?

Best
   Martin



Re: Code signing in OpenBSD

2007-12-06 Thread Rui Miguel Silva Seabra
On Thu, Dec 06, 2007 at 12:37:19PM +0800, Lars Hansson wrote:
 On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
  Come on... twice a year and get the benefit of not being excluded from
  company policies which require digital signature of software downloaded
  through the internet.
 
 It's not really OpenBSD's problem that some companies implement pointless
 security policies.

I'm not discussing whether it's pointless or not; maybe you don't want
OpenBSD to be used at all?

Rui

-- 
Grudnuk demand sustenance!
Today is Setting Orange, the 48th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?



Re: Code signing in OpenBSD

2007-12-06 Thread Rui Miguel Silva Seabra
On Wed, Dec 05, 2007 at 02:23:41PM -0600, Marco Peereboom wrote:
 blah blah blah
 
 have you ever wondered why openbsd doesn't do binary updates?

I'm not talking about updates, I can read C.

 maybe you are now going to be able to figure out why we don't need
 complex signing mechanisms.

You're ignoring that it is perhaps quite insane to expect anyone to
verify every single line of code, and a (so far very much deserved)
trust is given to the developers. Which is why I would very much like to
be absolutely sure the CD I bought brought the release the developers
intended to publish.

This is not about downloading OpenBSD, but of having a quite measurable
degree of trust that what you have is what you were supposed to have.

Btw, it would be much better to use a hashing algorithm stronger
than MD5, even on the file signed by an OpenPGP or X.509 certificate.

Rui

-- 
Wibble.
Today is Setting Orange, the 48th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?



Re: Code signing in OpenBSD

2007-12-06 Thread Hannah Schroeter
Hi!

On Wed, Dec 05, 2007 at 12:15:01PM -0500, bofh wrote:
On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote:
 Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
 user community? Knowing that xyz binary is signed by OpenBSD for
 distribution or abc email came from an official OpenBSD source is a good
 thing. Trojaned binaries and forged emails happen. PKI can help mitigate
 this. The benefit of PKI is widely known and accepted and does not need to
 be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
 does not use it, that's all I'm saying. I also thought there would be a real
 reason for not doing so and there may in fact be and I may just be unaware
 of it.

What are the risks you are trying to address?

One risk would be the plans of online surveillance of computers e.g.
in Germany. One way to install surveillance even on OpenBSD would be to
actively interfere with the internet connection with the surveilled
person, in the man-in-the-middle sense, and inject trojanned code
(Bundestrojaner) into the updates of the victim.

Using OpenBSD CDs doesn't protect the victim from attacks like that
that much because many people need ports/packages and to get fixes one
virtually has to use -current most of the time, and to update -current,
one often uses snapshots over non-secured transfers (ftp, rsync, source
via cvsync/cvsup). The only exception I know of is anoncvs via ssh,
but then, the CDs, IIRC, don't even ship with a known_hosts file for
the anoncvs servers.

As the talk about those online surveillance plans includes talk about
tailored attacks for each victim, they could investigate which OS one
uses and which ways of updating, so they could tailor their attack
vector appropriately.

Yes, *I*'d be vulnerable. I'd be not if I had a public key (and anoncvs
known_hosts file) from CD, perhaps also cvsync with cryptographic
integrity protection and public key (fingerprints) from CD, etc.

So the online surveillance stuff would perhaps not only affect Windoze
boxen as some people would come to think, even though the installation
of a trojan is, of course, usually much easier for Windoze than for
OpenBSD (or even a Linux installation if people with some skills operate
them).

Yes, of course cryptographic integrity protection wouldn't secure
OpenBSD against all kinds of attack vectors, but against *some*. Yes, it
comes at a cost. And I don't know whether the cost is really worth
while...

But I question whether it's really sound to just dismiss it beforehand.

[...]

Kind regards,

Hannah.



Re: Code signing in OpenBSD

2007-12-06 Thread Hannah Schroeter
Hi!

On Wed, Dec 05, 2007 at 01:24:49PM -0700, Bob Beck wrote:
   If you want a secure binary, buy an official CD. This is
what most people do.  PKI requires infrastructure that would cost OpenBSD
money and developer time. Official CDs keep OpenBSD alive.

Doesn't help you if you want fixes for ports/packages or even the base
OS. Once you want that, you have to update over the net, and as I said
in my other mail, here you have no clear protection. Or do the CDs at
least carry a known_hosts file for the anoncvs servers, in between?

[...]

Kind regards,

Hannah.



Re: Code signing in OpenBSD

2007-12-06 Thread Hannah Schroeter
Hi!

On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote:
[...]

You know, you're descending into a recursive loop of if, if, if... and
it never ends.  OF COURSE if someone breaks into the site they could
do things--once you've lost control of your site all bets are off.  I dare
say that someone breaking into a site might find all the appropriate
tools to re-sign things, too, and do the spoof that way.

If I released code with cryptographic signatures, I'd not leave a secret
key file, nor a passphrase on the servers with the master web/ftp
site. I'd sign on a box you can't access from the master site (nor
the mirrors). So, no, the attacker would *not* gain access to signing
tools (ok, yes, the tools, perhaps, like gpg or openssl, but not the
key material).

--STeve Andre'

Kind regards,

Hannah.



Re: Code signing in OpenBSD

2007-12-06 Thread Lars Noodén
Hannah Schroeter wrote:
...
 As the talk about those online surveillance plans includes talk about
 tailored attacks for each victim, they could investigate which OS one
 uses and which ways of updating, so they could tailor their attack
 vector appropriately.
...

Some of this is mitigated in that when using OpenBSD, the connections to
the repositories are signed.  Though, it looks like HTTP transfers are
not, and there is the question of getting the initial installation
packages.

If the installation process (from the purchased CDs) had a list of the
public keys for the official mirror sites, then that would go a long
way.  Having the installation process pre-load the keys into the data
for the ssh, ftp and afs clients would be even fancier.

-Lars



Re: Code signing in OpenBSD

2007-12-06 Thread Stuart Henderson
On 2007/12/06 13:12, Lars Noodin wrote:
 
 If the installation process (from the purchased CDs) had a list of the
 public keys for the official mirror sites, then that would go a long
 way.

That would make it rather hard to revoke a key if there ever
was a problem.



Re: Code signing in OpenBSD

2007-12-06 Thread Hannah Schroeter
Hi!

On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote:
On 2007/12/06 13:12, Lars Noodin wrote:

 If the installation process (from the purchased CDs) had a list of the
 public keys for the official mirror sites, then that would go a long
 way.

That would make it rather hard to revoke a key if there ever
was a problem.

Key revocation lists in some form? If it's gpg/OpenPGP, instruct users
to update from keyservers; one will notice when there're
incompatibilities between the key from CD and the one from the
keyserver, but one will also get the revocation from the keyserver. And
if one buys every CD, there's the time window of half a year even
without a key revocation infrastructure.

Kind regards,

Hannah.



Re: Code signing in OpenBSD

2007-12-06 Thread Hannah Schroeter
Hi!

On Thu, Dec 06, 2007 at 01:12:02PM +0200, Lars Noodin wrote:
Hannah Schroeter wrote:
...
 As the talk about those online surveillance plans includes talk about
 tailored attacks for each victim, they could investigate which OS one
 uses and which ways of updating, so they could tailor their attack
 vector appropriately.
...

Some of this is mitigated in that when using OpenBSD, the connections to
the repositories are signed.  Though, it looks like HTTP transfers are
not, and there is the question of getting the initial installation
packages.

Have I missed something? Last time I checked, it was plain http/ftp for
retrieving the base tarballs as well as the packages.

[...]

Kind regards,

Hannah.



Re: Code signing in OpenBSD

2007-12-06 Thread Lars Noodén
Hannah Schroeter wrote:
 ...
 AFS is also encrypted, but unless it's used to
 get all the tarballs and make them accessible locally (e.g. make a cd)
 it's not a help during the installation.
 
 I don't know enough about AFS to say anything about how to secure it
 from the beginning on.

I'm not very knowledgeable, but have been looking at the documentation
lately:
http://www.openafs.org/pages/doc/AdminGuide/auagd007.htm#HDRWQ75

 ...
 Given the existence of Windows servers (aka compromised machines) on
 many networks, there are many chances for traffic to be intercepted,
 often even DNS.  So man-in-the-middle attacks appear to be theoretically
 easy during the first part of an OpenBSD network installation.
 
 Yes, alas. And especially, for government legal interception, where
 they could legally enlist help from ISPs.

So, intentional (corporate or government agreement with ISP) or
unintentional (use of M$ on ISP DNS server), could allow the initial
installation to become compromised, perhaps in a hard-to-detect way.

None of this seems to be solved in the installation guide:
http://openbsd.org/faq/faq4.html

Again, it looks like it might come down to keys or fingerprints and that
the network install might be deprecated.  Rather, download, verify,
then install.

-Lars



Re: Code signing in OpenBSD

2007-12-06 Thread bofh
At this point, it's probably a good idea to point out there's a paper
called "Trusting Trust" about your everyday C compiler...


On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote:
 Hannah Schroeter wrote:
  ...
  AFS is also encrypted, but unless it's used to
  get all the tarballs and make them accessible locally (e.g. make a cd)
  it's not a help during the installation.
 
  I don't know enough about AFS to say anything about how to secure it
  from the beginning on.

 I'm not very knowledgeable, but have been looking at the documentation
 lately:
   http://www.openafs.org/pages/doc/AdminGuide/auagd007.htm#HDRWQ75

  ...
  Given the existence of Windows servers (aka compromised machines) on
  many networks, there are many chances for traffic to be intercepted,
  often even DNS.  So man-in-the-middle attacks appear to be theoretically
  easy during the first part of an OpenBSD network installation.
 
  Yes, alas. And especially, for government legal interception, where
  they could legally enlist help from ISPs.

 So, intentional (corporate or government agreement with ISP) or
 unintentional (use of M$ on ISP DNS server), could allow the initial
 installation to become compromised, perhaps in a hard-to-detect way.

 None of this seems to be solved in the installation guide:
   http://openbsd.org/faq/faq4.html

 Again, it looks like it might come down to keys or fingerprints and that
 the network install might be deprecated.  Rather, download, verify,
 then install.

 -Lars




--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-06 Thread Douglas A. Tutty
On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
 
 One risk would be the plans of online surveillance of computers e.g.
 in Germany. One way to install surveillance even on OpenBSD would be to
 actively interfere with the internet connection with the surveilled
 person, in the man-in-the-middle sense, and inject trojanned code
 (Bundestrojaner) into the updates of the victim.

Using software from any source without interference from an
all-pervasive government is a very special, but unfortunately today, a
very real issue for many people around the world.  To be secure, you
have to get pieces of the puzzle over multiple paths.  It all can't come
via the net since then you're open to man-in-the-middle.

Key-revocation announcements could come over the net (via an announce
list) but the new key would then have to come over a second channel.

One second-channel option is the q6mth CD issue, which could include a
new public key and e.g. known-hosts fingerprints.  This is vulnerable to
a very determined man-in-the-middle who can replicate and then alter the
CD before it arrives to you in the mail.

Another option is a trusted courier flying to Alberta and getting a CD from
the OpenBSD store (yeah, right).

In fact, likely any other technological option (e.g. an answering
machine in Alberta that spits out the alphanumerics of the current
master public key) is still susceptible.

If every piece of information you receive is filtered through your
government, is there any hand-shaking protocol that can allow you to
establish a verified information connection (not necessarily encrypted)?
I don't think so.

Sure, Debian has signed .debs that use gpg as a back end (the system is
called apt-key), it relies on you trusting the first key that you get
from them.  Since Debian doesn't actually mail out its own CDs,
everything is off its mirrors.  apt-key only 'protects' you from a later
man-in-the-middle.

I think that this is the central 'problem' that people are dancing
around.  

Personally, if this thread is to continue, I would like to see it move
from a "Why doesn't OpenBSD do things this way?" to a "What are the
threat models for OpenBSD identity theft and how can we protect
ourselves?".

Doug.
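
The pieces argued over in this thread, put together as an added example in Go (editor-added code, not OpenBSD's tooling and not anything the posters wrote): Rui's point that the signed checksum file should use a hash stronger than MD5, Hannah's scheme of a public key shipped on the CD plus revocations fetched from the net, and Doug's rule that a replacement key must arrive over a second channel. The keys, file contents and the "<hex> <name>" manifest format are constructed here; Ed25519 stands in for the OpenPGP/X.509 signatures the thread mentions (OpenBSD later adopted signify, which also signs SHA-256 checksum lists with Ed25519, but this is not signify). Function and type names are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// fingerprint is what a CD booklet would print: SHA-256 of the public key, in hex.
func fingerprint(pub ed25519.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(pub))
}

// buildManifest lists one SHA-256 checksum per release file as "<hex> <name>".
func buildManifest(files map[string][]byte) string {
	var b strings.Builder
	for name, data := range files {
		fmt.Fprintf(&b, "%x %s\n", sha256.Sum256(data), name)
	}
	return b.String()
}

// signManifest is the only step needing the private key: it belongs on an offline box, not the ftp master.
func signManifest(priv ed25519.PrivateKey, manifest string) []byte {
	return ed25519.Sign(priv, []byte("manifest\n"+manifest))
}

// makeRevocation signs "revoke <fp>" with the key being revoked, so the certificate can travel over any channel.
func makeRevocation(priv ed25519.PrivateKey) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	return ed25519.Sign(priv, []byte("revoke "+fingerprint(pub)))
}

// trustStore is the client side: keys pinned from the CD plus revocations seen.
type trustStore struct {
	pinned  map[string]ed25519.PublicKey
	revoked map[string]bool
}

func newTrustStore(cdKeys ...ed25519.PublicKey) *trustStore {
	t := &trustStore{map[string]ed25519.PublicKey{}, map[string]bool{}}
	for _, k := range cdKeys {
		t.pinned[fingerprint(k)] = k
	}
	return t
}

// applyRevocation accepts a revocation fetched over the net only if it is signed by the pinned key it names.
func (t *trustStore) applyRevocation(fp string, sig []byte) error {
	pub, ok := t.pinned[fp]
	if !ok || !ed25519.Verify(pub, []byte("revoke "+fp), sig) {
		return errors.New("revocation not signed by a pinned key")
	}
	t.revoked[fp] = true
	return nil
}

// addKeyOutOfBand pins a replacement key only when its fingerprint matches one read from a second channel (the next CD).
func (t *trustStore) addKeyOutOfBand(pub ed25519.PublicKey, fpFromCD string) error {
	if fingerprint(pub) != fpFromCD {
		return errors.New("fingerprint does not match the one from the CD")
	}
	t.pinned[fpFromCD] = pub
	return nil
}

// verifyFile checks the manifest signature with a pinned, unrevoked key, then the file's SHA-256 against its entry.
func (t *trustStore) verifyFile(fp, manifest string, sig []byte, name string, data []byte) error {
	pub, ok := t.pinned[fp]
	if !ok || t.revoked[fp] {
		return errors.New("signing key unknown or revoked")
	}
	if !ed25519.Verify(pub, []byte("manifest\n"+manifest), sig) {
		return errors.New("manifest signature invalid")
	}
	for _, line := range strings.Split(strings.TrimSpace(manifest), "\n") {
		if parts := strings.SplitN(line, " ", 2); len(parts) == 2 && parts[1] == name {
			if fmt.Sprintf("%x", sha256.Sum256(data)) != parts[0] {
				return errors.New("checksum mismatch: file altered in transit")
			}
			return nil
		}
	}
	return errors.New("file not listed in manifest")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical release key, fresh each run
	files := map[string][]byte{"bsd": []byte("constructed kernel")}
	manifest := buildManifest(files)
	sig := signManifest(priv, manifest)
	store := newTrustStore(pub) // public key as read from the CD
	fp := fingerprint(pub)
	fmt.Println("good file:    ", store.verifyFile(fp, manifest, sig, "bsd", files["bsd"]))
	fmt.Println("tampered file:", store.verifyFile(fp, manifest, sig, "bsd", []byte("injected")))
	fmt.Println("revocation:   ", store.applyRevocation(fp, makeRevocation(priv)))
	fmt.Println("after revoke: ", store.verifyFile(fp, manifest, sig, "bsd", files["bsd"]))
}
```

The asymmetry is the point: a revocation is accepted from an untrusted channel because only the holder of the revoked private key can produce it, whereas a replacement key is never accepted on the network's say-so, since anything signed by a compromised key could otherwise nominate its own successor. The manifest is signed as a whole, so adding or editing a checksum line invalidates the signature just as a modified file fails its checksum.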



Re: Code signing in OpenBSD

2007-12-06 Thread Lars Noodén
bofh wrote:
 At this point, it's probably a good idea to point out there's a paper
 called "Trusting Trust" about your everyday C compiler...

Yeah.  It recently disappeared from the ACM's web site after 11+ years
of availability:
http://www.acm.org/classics/oct95/
There is, fortunately, the author's copy:
http://cm.bell-labs.com/who/ken/trust.html

There is an interesting follow up:
http://www.dwheeler.com/trusting-trust/
Summary of the follow-up:
 http://www.schneier.com/blog/archives/2006/01/countering_trus.html

The bottom line, however, is that having and using the source is not
optional.

Thus, patches are provided in OpenBSD as source...

But, starting from an initial set of some binaries is adequate for many
uses, just as long as we can make reasonably sure that those binaries
come from who they are supposed to / we expect them to.

The install process ought to be fairly clear about the origin,
authenticity and integrity of those initial binaries.  No need to build
on more of a sand foundation than necessary.

-Lars



Re: Code signing in OpenBSD

2007-12-06 Thread Lars Noodén
Douglas A. Tutty wrote:
 Using software from any source without interference from an
 all-pervasive government is a very special,...

It's not all about governments.  Corporate espionage is probably a
larger, more active threat, especially to OpenBSD.

cui bono?

If we assume for the sake of argument that the printed CDs are ok, then
there is at least one method for distributing keys and/or building a web
of trust.

-Lars



Re: Code signing in OpenBSD

2007-12-06 Thread bofh
You forgot one option.  Invite Theo to give a talk, and ask him to
bring the CDs.  If you can't trust Theo's CDs, all hope is lost.

Just need to make sure there're some mountains around for Theo to go
climb.  If you live on a flatland, then, sorry, you're doomed.


On 12/6/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:
 On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:

  One risk would be the plans of online surveillance of computers e.g.
  in Germany. One way to install surveillance even on OpenBSD would be to
  actively interfere with the internet connection with the surveilled
  person, in the man-in-the-middle sense, and inject trojanned code
  (Bundestrojaner) into the updates of the victim.

 Using software from any source without interference from an
 all-pervasive government is a very special, but unfortunately today, a
 very real issue for many people around the world.  To be secure, you
 have to get pieces of the puzzle over multiple paths.  It all can't come
 via the net since then you're open to man-in-the-middle.

 Key-revocation announcements could come over the net (via an announce
 list) but the new key would then have to come over a second channel.

 One second-channel option is the q6mth CD issue, which could include a
 new public key and e.g. known-hosts fingerprints.  This is vulnerable to
 a very determined man-in-the-middle who can replicate and then alter the
 CD before it arrives to you in the mail.

 Another option is a trusted courier flying to Alberta and getting a CD from
 the OpenBSD store (yeah, right).

 In fact, likely any other technological option (e.g. an answering
 machine in Alberta that spits out the alphanumerics of the current
 master public key) is still susceptible.

 If every piece of information you receive is filtered through your
 government, is there any hand-shaking protocol that can allow you to
 establish a verified information connection (not necessarily encrypted)?
 I don't think so.

 Sure, Debian has signed .debs that use gpg as a back end (the system is
 called apt-key), it relies on you trusting the first key that you get
 from them.  Since Debian doesn't actually mail out its own CDs,
 everything is off its mirrors.  apt-key only 'protects' you from a later
 man-in-the-middle.

 I think that this is the central 'problem' that people are dancing
 around.

 Personally, if this thread is to continue, I would like to see it move
 from a "Why doesn't OpenBSD do things this way?" to a "What are the
 threat models for OpenBSD identity theft and how can we protect
 ourselves?".

 Doug.







Re: Code signing in OpenBSD

2007-12-06 Thread bofh
That's why I always hand enter, in binary, by toggling switches on the
front of my box[1] when I start a new system.


[1]. What, you never pressed the power button?


On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote:
 bofh wrote:
  At this point, it's probably a good idea to point out there's a paper
  called "Trusting Trust" about your everyday C compiler...

 Yeah.  It recently disappeared from the ACM's web site after 11+ years
 of availability:
   http://www.acm.org/classics/oct95/
 There is, fortunately, the author's copy:
   http://cm.bell-labs.com/who/ken/trust.html

 There is an interesting follow up:
   http://www.dwheeler.com/trusting-trust/
 summary of the followup:
  http://www.schneier.com/blog/archives/2006/01/countering_trus.html

 The bottom line, however, is that having and using the source is not
 optional.

 Thus, patches are provided in OpenBSD as source...

 But, starting from an initial set of some binaries is adequate for many
 uses, just as long as we can make reasonably sure that those binaries
 come from who they are supposed to / we expect them to.

 The install process ought to be fairly clear about the origin,
 authenticity and integrity of those initial binaries.  No need to build
 on more of a sand foundation than necessary.

 -Lars






Re: Code signing in OpenBSD

2007-12-06 Thread Marco Peereboom
hitler already

On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Noodén wrote:
 Douglas A. Tutty wrote:
  Using software from any source without interference from an
  all-pervasive government is a very special,...
 
 It's not all about governments.  Corporate espionage is probably a
 larger, more active threat, especially to OpenBSD.
 
   cui bono?
 
 If we assume for the sake of argument that the printed CDs are ok, then
 there is at least one method for distributing keys and/or building a web
 of trust.
 
 -Lars



Re: Code signing in OpenBSD

2007-12-06 Thread Gilbert Fernandes
On Thu, Dec 06, 2007 at 09:08:56AM -0600, Marco Peereboom wrote:

 hitler already

Here is yours:

+----------------+
| 1 Godwin point |
+----------------+

Bye

-- 
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ;
yes ; fsck ; umount ; sleep



Re: Code signing in OpenBSD

2007-12-06 Thread Jason George
  Come on... twice a year and get the benefit of not being excluded from
  company policies which require digital signature of software downloaded
  through the internet.
 
 It's not really OpenBSD's problem that some companies implement pointless
 security policies.

I'm not discussing whether it's pointless or not; maybe you don't want
OpenBSD to be used at all?

You make it sound like OpenBSD is a vendor that is actively marketing to these 
companies and that cannot make a sale because it is not meeting a specific set 
of criteria in your requirements docs.

Tell you what.  I am sure there are a number of individuals on the list who 
own or work at companies that would be more than happy to provide your 
employer with a custom-built set of installation binaries and packages, signed 
for your digital pleasure.  I expect bi-annual costs, including overhead like 
lawyers, errors and omissions insurance, etc, to run mid-5-figures per 
release.  Minimum 5 release contract.  Expect much re-writing of contract 
clauses.  If there is indeed that much value derived in your organization from 
the use of OpenBSD, then this will be a paltry sum to pay.

I am fairly confident that Oracle and Sun and SAP likely aren't PKI'ing their 
updates from their websites.  Oh wait.  Are those excluded from the company 
policy because you have a contract in place?  

I went through a similar policy a few years ago while doing Sarbanes-Oxley 
consulting.  The lawyers and auditors were screaming for validation of free 
software, like Perl.  After many months of having tantrums, they, along with 
management, finally realized that going down this path would be tantamount to 
trying to chip away all the mortar keeping a brick building together.  The 
effects on the integrity of the structure (corporate, in this case) would be 
too great to keep pursuing this line of thought.  That policy was abandoned 
because it was costing more to implement than the perceived risks they 
believed they could mitigate. (i.e., they had to think in practical terms)

Shortly afterward, I went back to steel-toed-boots engineering, where risk 
models really matter because you're trying to ensure that people don't get 
killed, that the environment doesn't get polluted, that you don't destroy 
assets and that you don't impact production.  Digital signatures are pretty 
irrelevant when you need to be concerned about an explosion that could 
potentially wipe out a few hundred million in infrastructure in the space of a 
few city blocks.  Or when an H2S leak can kill you and your crew in a matter 
of a few breaths. 

If it's that important, shut up and hack.  Or otherwise just shut up.



Re: Code signing in OpenBSD

2007-12-06 Thread Jeff I. Ragland

On 06 Dec 2007, at 5:39 PM, bofh wrote:


You forgot one option.  Invite Theo to give a talk, and ask him to
bring the CDs.  If you can't trust Theo's CDs, all hope is lost.


And how would you know that it is indeed Theo and not someone that
looks like him? I think that blood samples and DNA tests are the only
way to go here.





Just need to make sure there're some mountains around for Theo to go
climb.  If you live on a flatland, then, sorry, you're doomed.


On 12/6/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:

On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:


One risk would be the plans of online surveillance of computers
e.g.
in Germany. One way to install surveillance even on OpenBSD would
be to
actively interfere with the internet connection with the surveilled
person, in the man-in-the-middle sense, and inject trojanned code
(Bundestrojaner) into the updates of the victim.


Using software from any source without interference from an
all-pervasive government is a very special, but unfortunately today, a
very real issue for many people around the world.  To be secure, you
have to get pieces of the puzzle over multiple paths.  It all can't come
via the net since then you're open to man-in-the-middle.

Key-revocation announcements could come over the net (via an announce
list) but the new key would then have to come over a second channel.

One second-channel option is the q6mth CD issue, which could
include a
new public key and e.g. known-hosts fingerprints.  This is
vulnerable to
a very determined man-in-the-middle who can replicate and then
alter the
CD before it arrives to you in the mail.

Another option is a trusted courier flying to Alberta and getting a CD
from the OpenBSD store (yeah, right).

In fact, likely any other technological option (e.g. an answering
machine in Alberta that spits out the alphanumerics of the current
master public key) is still susceptible.

If every piece of information you receive is filtered through your
government, is there any hand-shaking protocol that can allow you to
establish a verified information connection (not necessarily encrypted)?
I don't think so.

Sure, Debian has signed .debs that use gpg as a back end (the system is
called apt-key), it relies on you trusting the first key that you get
from them.  Since Debian doesn't actually mail out its own CDs,
everything is off its mirrors.  apt-key only 'protects' you from a later
man-in-the-middle.

I think that this is the central 'problem' that people are dancing
around.

Personally, if this thread is to continue, I would like to see it move
from a "Why doesn't OpenBSD do things this way?" to a "What are the
threat models for OpenBSD identity theft and how can we protect
ourselves?".

Doug.









Re: Code signing in OpenBSD

2007-12-06 Thread bofh
Code signing by blood.  ISAGN.


Sorry marc - had to do it


On 12/6/07, Jeff I. Ragland [EMAIL PROTECTED] wrote:

 On 06 Dec 2007, at 5:39 PM, bofh wrote:

  You forgot one option.  Invite Theo to give a talk, and ask him to
  bring the CDs.  If you can't trust Theo's CDs, all hope is lost.

 And how would you know that it is indeed Theo and not someone that
 looks like him? I think that blood samples and DNA tests are the only
 way to go here.


 
 
  Just need to make sure there're some mountains around for Theo to go
  climb.  If you live on a flatland, then, sorry, you're doomed.
 
 
  On 12/6/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:
  On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
 
  One risk would be the plans of online surveillance of computers
  e.g.
  in Germany. One way to install surveillance even on OpenBSD would
  be to
  actively interfere with the internet connection with the surveilled
  person, in the man-in-the-middle sense, and inject trojanned code
  (Bundestrojaner) into the updates of the victim.
 
  Using software from any source without interference from an
  all-pervasive government is a very special, but unfortunately today, a
  very real issue for many people around the world.  To be secure, you
  have to get pieces of the puzzle over multiple paths.  It all can't come
  via the net since then you're open to man-in-the-middle.
 
  Key-revocation announcements could come over the net (via an announce
  list) but the new key would then have to come over a second channel.
 
  One second-channel option is the q6mth CD issue, which could
  include a
  new public key and e.g. known-hosts fingerprints.  This is
  vulnerable to
  a very determined man-in-the-middle who can replicate and then
  alter the
  CD before it arrives to you in the mail.
 
  Another option is a trusted courier flying to Alberta and getting a CD
  from the OpenBSD store (yeah, right).
 
  In fact, likely any other technological option (e.g. an answering
  machine in Alberta that spits out the alphanumerics of the current
  master public key) is still susceptible.
 
  If every piece of information you receive is filtered through your
  government, is there any hand-shaking protocol that can allow you to
  establish a verified information connection (not necessarily encrypted)?
  I don't think so.
 
  Sure, Debian has signed .debs that use gpg as a back end (the system is
  called apt-key), it relies on you trusting the first key that you get
  from them.  Since Debian doesn't actually mail out its own CDs,
  everything is off its mirrors.  apt-key only 'protects' you from a later
  man-in-the-middle.
 
  I think that this is the central 'problem' that people are dancing
  around.
 
  Personally, if this thread is to continue, I would like to see it move
  from a "Why doesn't OpenBSD do things this way?" to a "What are the
  threat models for OpenBSD identity theft and how can we protect
  ourselves?".
 
  Doug.
 
 
 
 







Re: Code signing in OpenBSD

2007-12-06 Thread Douglas A. Tutty
On Thu, Dec 06, 2007 at 09:39:35AM -0600, bofh wrote:
 You forgot one option.  Invite Theo to give a talk, and ask him to
 bring the CDs.  If you can't trust Theo's CDs, all hope is lost.

He doesn't have to bring the CDs, just in the speech give the MD5 (or
other more secure [sha?] sum) for an .iso file made from those CDs.  Buy
the CD, create an image, calc the md5.  Compare with Theo's speech.

Doug.



Re: Code signing in OpenBSD

2007-12-06 Thread Douglas A. Tutty
On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Noodén wrote:
 Douglas A. Tutty wrote:
  Using software from any source without interference from an
  all-pervasive government is a very special,...
 
 It's not all about governments.  Corporate espionage is probably a
 larger, more active threat, especially to OpenBSD.

True, but a single source of corporate espionage can't attack the mail,
phone, fax, and internet (e.g. ftp) all at the same time.

 
   cui bono?
 
 If we assume for the sake of argument that the printed CDs are ok, then
 there is at least one method for distributing keys and/or building a web
 of trust.
 
 -Lars
 
Doug.



Re: Code signing in OpenBSD

2007-12-06 Thread Daniel Bosk
Hi!

On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote:
On 2007/12/06 13:12, Lars Noodin wrote:

 If the installation process (from the purchased CDs) had a list of the
 public keys for the official mirror sites, then that would go a long
 way.

That would make it rather hard to revoke a key if there ever
was a problem.

Key revocation lists in some form? If it's gpg/OpenPGP, instruct users
to update from keyservers, one will notice when there're
incompatibilities between the key from CD and the one from the
keyserver, but one will also get the revocation from the keyserver. And
if one buys every CD, there's the time window of half a year even
without a key revocation infrastructure.

Kind regards,

Hannah.

Why not start selling public key lists from the order site, then
those who care can order one (or more) CD(s) and a separately
delivered (set of) public key lists (in sealed envelopes). Otherwise
ordering CDs will suffice.

When a key is revoked (announced somewhere) or incompatibilities
occur order a new (set of) list(s).

Then there is the problem of the lists being replaced by some new
list by the postman, thus ordering a set of lists instead of only one.
Have them delivered by different couriers; if all of them replace the
list you will probably know.

Now, that will require a lot of work, and a lot of money (a lot of fuss
for a piece of paper) to scare most people off. Problem solved.

Brad, you really did start some thread. Starting with a rather
innocent question. Interesting reading though.


My best to all of you,

  Daniel



Re: Code signing in OpenBSD

2007-12-06 Thread Jacob Yocom-Piatt

bofh wrote:

Code signing by blood.  ISAGN.


Sorry marc - had to do it

  



what if theo is a person of interest, has his endpoint surveilled and 
his key and passphrase are compromised? if somebody stole a pint of 
blood, that could go a long way in your proposed plan...


short of having a web of trust, meeting people in person to sign their 
keys and assuming private keys and passphrases have not been 
compromised, you're pretty much SOL here. best bet is to use anoncvs and 
verify your cvs server's public key in person, but even that is a PITA. 
if massive databases of key fingerprint collisions exist MITM is very 
real even with a key fingerprint, multiple fingerprints make this much 
harder.


if anyone has a non-trivial quantum computer or remote viewing really 
works, the gig is pretty much up anyhow.


 jy-p cinches his tinfoil hat and returns to following the yellow brick 
road... 




On 12/6/07, Jeff I. Ragland [EMAIL PROTECTED] wrote:
  

On 06 Dej 2007, at 5:39 LL, bofh wrote:



You forgot one option.  Invite Theo to give a talk, and ask him to
bring the CDs.  If you can't trust Theo's CDs, all hope is lost.
  

And how would you know that it is indeed Theo and not someone that
looks like him? I think that blood samples and DNA tests is the only
way to go here.




Just need to make sure there're some mountains around for Theo to go
climb.  If you live on a flatland, then, sorry, you're doomed.


On 12/6/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:
  

On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:



One risk would be the plans of online surveillance of computers
e.g.
in Germany. One way to install surveillance even on OpenBSD would
be to
actively interfere with the internet connection with the surveilled
person, in the man-in-the-middle sense, and inject trojanned code
(Bundestrojaner) into the updates of the victim.
  

Using software from any source without interference from an
all-pervasive government is a very special, but unfortunately today, a
very real issue for many people around the world.  To be secure, you
have to get pieces of the puzzle over multiple paths.  It all can't come
via the net since then you're open to man-in-the-middle.

Key-revocation announcements could come over the net (via an announce
list) but the new key would then have to come over a second channel.

One second-channel option is the q6mth CD issue, which could include a
new public key and e.g. known-hosts fingerprints.  This is vulnerable to
a very determined man-in-the-middle who can replicate and then alter the
CD before it arrives to you in the mail.

Another option is a trusted courier flying to Alberta and getting a CD
from the OpenBSD store (yeah, right).

In fact, likely any other technological option (e.g. an answering
machine in Alberta that spits out the alphanumerics of the current
master public key) is still susceptible.

If every piece of information you receive is filtered through your
government, is there any hand-shaking protocol that can allow you to
establish a verified information connection (not necessarily encrypted)?
I don't think so.

Sure, Debian has signed .debs that use gpg as a back end (the system is
called apt-key), but it relies on you trusting the first key that you get
from them.  Since Debian doesn't actually mail out its own CDs,
everything is off its mirrors.  apt-key only 'protects' you from a later
man-in-the-middle.

I think that this is the central 'problem' that people are dancing
around.

Personally, if this thread is to continue, I would like to see it move
from a "Why doesn't OpenBSD do things this way?" to a "What are the
threat models for OpenBSD identity theft and how can we protect
ourselves?".

Doug.




--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford




Re: Code signing in OpenBSD

2007-12-06 Thread Lars Noodén
Ted Unangst wrote:
 give it a rest guys.

Ted says everything is ok.  We can pack up and call it a day, knowing
that everything's settled once and for all.

Seriously, if the process has been already worked out, then point to
where it is  written up.  Maybe we're not looking in the right part of
the FAQ.

-Lars



Re: Code signing in OpenBSD

2007-12-06 Thread Ted Unangst
give it a rest guys.

has anyone ever actually been the victim of some
government/corporate/the man attack where they slipped trojan
openbsd binaries to you?

do you have any idea how hard it really is to mount such an attack?
without being detected?  and what's the trojan going to do?  copy all
your secrets to their national citizen oppression center?  how do they
get their nefarious packets through your firewall without notice?

i've downloaded openbsd onto various machines from at least 5 mirrors
using 9 isps in 5 countries over the course of 7 years.  and you're
telling me that every single time, somebody out there was feeding me
the bad bits?  because if they screwed up even a single time, i could
use the good machine to detect the tainted ones.  get real.



Re: Code signing in OpenBSD

2007-12-06 Thread Jason George
Since this thread is both TOP and BOTTOM posted, I am going UPPER MIDDLE post.


bofh wrote:
 Code signing by blood.  ISAGN.


 Sorry marc - had to do it

   


what if theo is a person of interest, has his endpoint surveilled and 
his key and passphrase are compromised? if somebody stole a pint of 
blood, that could go a long way in your proposed plan...

short of having a web of trust, meeting people in person to sign their 
keys and assuming private keys and passphrases have not been 
compromised, you're pretty much SOL here. best bet is to use anoncvs and 
verify your cvs server's public key in person, but even that is a PITA. 
if massive databases of key fingerprint collisions exist MITM is very 
real even with a key fingerprint, multiple fingerprints make this much 
harder.

if anyone has a non-trivial quantum computer or remote viewing really 
works, the gig is pretty much up anyhow.

 jy-p cinches his tinfoil hat and returns to following the yellow brick 
road... 


Like Keyser Soze, Theo has neither blood nor DNA.  Except for me at beer last 
night, no one has ever seen Theo.

So everyone's point is moot.




 On 12/6/07, Jeff I. Ragland [EMAIL PROTECTED] wrote:
   
 On 06 Dej 2007, at 5:39 LL, bofh wrote:

 
 You forgot one option.  Invite Theo to give a talk, and ask him to
 bring the CDs.  If you can't trust Theo's CDs, all hope is lost.
   
 And how would you know that it is indeed Theo and not someone that
 looks like him? I think that blood samples and DNA tests is the only
 way to go here.


 
 Just need to make sure there're some mountains around for Theo to go
 climb.  If you live on a flatland, then, sorry, you're doomed.


 On 12/6/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:
   
 On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:

 
 One risk would be the plans of online surveillance of computers
 e.g.
 in Germany. One way to install surveillance even on OpenBSD would
 be to
 actively interfere with the internet connection with the surveilled
 person, in the man-in-the-middle sense, and inject trojanned code
 (Bundestrojaner) into the updates of the victim.
   
 Using software from any source without interference from an
 all-pervasive government is a very special, but unfortunately today, a
 very real issue for many people around the world.  To be secure, you
 have to get pieces of the puzzle over multiple paths.  It all can't come
 via the net since then you're open to man-in-the-middle.

 Key-revocation announcements could come over the net (via an announce
 list) but the new key would then have to come over a second channel.

 One second-channel option is the q6mth CD issue, which could include a
 new public key and e.g. known-hosts fingerprints.  This is vulnerable to
 a very determined man-in-the-middle who can replicate and then alter the
 CD before it arrives to you in the mail.

 Another option is a trusted courier flying to Alberta and getting a CD
 from the OpenBSD store (yeah, right).

 In fact, likely any other technological option (e.g. an answering
 machine in Alberta that spits out the alphanumerics of the current
 master public key) is still susceptible.

 If every piece of information you receive is filtered through your
 government, is there any hand-shaking protocol that can allow you to
 establish a verified information connection (not necessarily encrypted)?
 I don't think so.

 Sure, Debian has signed .debs that use gpg as a back end (the system is
 called apt-key), but it relies on you trusting the first key that you get
 from them.  Since Debian doesn't actually mail out its own CDs,
 everything is off its mirrors.  apt-key only 'protects' you from a later
 man-in-the-middle.

 I think that this is the central 'problem' that people are dancing
 around.

 Personally, if this thread is to continue, I would like to see it move
 from a "Why doesn't OpenBSD do things this way?" to a "What are the
 threat models for OpenBSD identity theft and how can we protect
 ourselves?".

 Doug.


 
 --
 http://www.glumbert.com/media/shift
 http://www.youtube.com/watch?v=tGvHNNOLnCk
 This officer's men seem to follow him merely out of idle curiosity.
 -- Sandhurst officer cadet evaluation.
 Securing an environment of Windows platforms from abuse - external or
 internal - is akin to trying to install sprinklers in a fireworks
 factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-06 Thread Eric Furman
On Thu, 6 Dec 2007 09:51:16 -0500, Douglas A. Tutty
[EMAIL PROTECTED] said:
 Personally, if this thread is to continue, I would like to see it move
 from a Why doesn't OpenBSD do things this way? to a What are the
 threat models for OpenBSD identity theft and how can we protect
 ourselves?.

Please don't. I am getting tired of deleting this stupid thread.
The project has been around for more than ten years.
Do you think the devs are so completely clueless about
security that they haven't already thought about this?
Actually, a couple of the devs have already spoken up
on this topic and gave you the answer so please shut up already.
Sorry for adding to the talk talk talking, but people like Theo
actually read all this crap and it's wasting their time.



Re: Code signing in OpenBSD

2007-12-06 Thread Bob Beck
 do you have any idea how hard it really is to mount such an attack?
 without being detected?  and what's the trojan going to do?  copy all
 your secrets to their national citizen oppression center?  how do they
 get their nefarious packets through your firewall without notice?

Of course they won't do that. The US government has rules about
what it can collect and put in its own databases and use. Forward thinking
people put careful rules in place preventing the government from legally
playing big brother...

Of course it has no such rules about what data in private databases
it can retrieve and use. The brownshirts can pretty much go in there
and get anything they want anytime. Forward thinking people kind of had
the blinders on about that one. 

Wow that Google toolbar sure is nice... ;)

-Bob



Re: Code signing in OpenBSD

2007-12-06 Thread Marco Peereboom
HITLER AND MORE HITLER

On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Noodén wrote:
 Ted Unangst wrote:
  give it a rest guys.
 
 Ted says everything is ok.  We can pack up and call it a day, knowing
 that everything's settled once and for all.
 
 Seriously, if the process has been already worked out, then point to
 where it is  written up.  Maybe we're not looking in the right part of
 the FAQ.
 
 -Lars



Re: Code signing in OpenBSD

2007-12-06 Thread Christopher Linn
there seems to be a fine, pink mist in the air.  some time ago 
the matter comprising this mist was a live and healthy horse.

On Thu, Dec 06, 2007 at 12:39:39PM -0600, Marco Peereboom wrote:
 HITLER AND MORE HITLER
 
 On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Noodén wrote:
  Ted Unangst wrote:
   give it a rest guys.
  
  Ted says everything is ok.  We can pack up and call it a day, knowing
  that everything's settled once and for all.
  
  Seriously, if the process has been already worked out, then point to
  where it is  written up.  Maybe we're not looking in the right part of
  the FAQ.
  
  -Lars

-- 
Christopher Linn  celinn at mtu.edu    | By no means shall either the CEC
System Administrator II                | or MTU be held in any way liable
  Center for Experimental Computation  | for any opinions or conjecture I
Michigan Technological University      | hold to or imply to hold herein.



Re: Code signing in OpenBSD

2007-12-06 Thread Lars Noodén
Ok.  So Christopher, Marco, and Ted have spoken up to inform the list
that they do not know an answer.

Christopher Linn wrote:
 there seems to be a fine, pink mist in the air. ...

To be sure the topic has been covered earlier, but
just where are there relevant message archives, presentations or
documents finding a practical solution to the problem of getting an
initial set of binaries?

-Lars



Re: Code signing in OpenBSD

2007-12-06 Thread STeve Andre'
On Thursday 06 December 2007 05:52:46 Hannah Schroeter wrote:
 Hi!

 On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote:
 [...]
 
 You know, you're descending into a recursive loop of if, if, if... and
 it never ends.  OF COURSE if someone breaks into the site they could
 do things--once you've lost control of your site all bets are off.  I dare
 say that someone breaking into a site might find all the appropriate
 tools to re-sign things, too, and do the spoof that way.

 If I released code with cryptographic signatures, I'd not leave a secret
 key file, nor a passphrase on the servers with the master web/ftp
 site. I'd sign on a box you can't access from the master site (nor
 the mirrors). So, no, the attacker would *not* gain access to signing
 tools (ok, yes, the tools, perhaps, like gpg or openssl, but not the
 key material).

 --STeve Andre'

 Kind regards,

 Hannah.

Heh--you're intelligent.  But I know of two places where everything was
stored on the one machine, and I think one of those sites still hasn't
gotten it through their heads that this isn't a good idea.

--STeve Andre'



Re: Code signing in OpenBSD

2007-12-06 Thread Marco Peereboom
On Thu, Dec 06, 2007 at 09:39:59PM +0200, Lars Noodén wrote:
 Ok.  So Christopher, Marco, and Ted have spoken up to inform the list
 that they do not know an answer.

You can't possibly be this dense.  Let me try to spell it out.  YOU see
an issue WE don't.  That makes YOU responsible for fixing it.  All
reasons have been given to you why this is not even remotely a good idea
however you keep coming back for more.  So again you care we don't; how
does that make that OUR responsibility?

 
 Christopher Linn wrote:
  there seems to be a fine, pink mist in the air. ...
 
 To be sure the topic has been covered earlier, but
 just where are there relevant message archives, presentations or
 documents finding a practical solution to the problem of getting an
 initial set of binaries?

You can't.  Either get over it or use an operating system with a trusted
vendor like Microsoft or Apple.  That pesky Open Source stuff can't be
trusted because it's on the internets.

 
 -Lars



Re: Code signing in OpenBSD

2007-12-06 Thread new_guy
Daniel Bosk wrote:
 
 Brad, you really did start some thread. Starting with a rather
 innocent question. Interesting reading though.
 
 My best to all of you,
 
   Daniel
 

Thanks, I love OpenBSD. I see the lack of signed code and signed
communication as a potential security issue. It *has* happened to other
projects and I'd hate to see it happen to OpenBSD. I'd love to see PKI
(specifically developer key pairs) incorporated into OpenBSD at some
point... it's such a great project that produces a great product! Whatever
happens, I will continue buying the CDs, T-shirts and telling my IT buddies
to use it!!!

All the best,

A guy who claims to be Brad Tilley :)

-- 
View this message in context: 
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14204037
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Code signing in OpenBSD

2007-12-06 Thread Travers Buda
Paranoia is a disease...  it distorts your thinking and your logical
faculty.  I'd be more concerned about THAT if I were in your position.

It's stupid to rework the infrastructure to support signing,
especially considering the benefits (none.) Plus, you have to trust
the OpenBSD developers (GASP!) And think of all the other ways you
could be compromised, most of which are much easier to implement.

Hardware keyloggers
Social engineers
Bad passwords
Physical Security?
etc.

And just what are they going to get?  Do you have some sort of
cloak-and-dagger data on your box?

-- 
Travers Buda



Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
What is the benefit of doing so? What's the point? Is the website so likely
to be hacked into, that the developers need to sign all communication just
to ensure that it comes from them? There's absolutely no need to sign
errata or official communications. Name one justifiable use for them. If the
OpenBSD developers didn't care about secure communications, then OpenSSH
would not exist.

On Dec 5, 2007 3:03 PM, new_guy [EMAIL PROTECTED] wrote:

 Lars Hansson-5 wrote:
 
  No. OpenBSD doesn't sign code.
 
  ---
  Lars Hansson
 

 Oh that surprises me, are OpenPGP signatures used for anything? Errata,
 official communication, etc... maybe this is a stupid question, but it
 seems everyone does it these days... even small software projects. Not
 being critical of OpenBSD (I love it and buy CDs) just curious as to the
 reasoning for not using pgp/gpg keys to sign stuff, secure communication,
 etc.


 --
 View this message in context:
 http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498
 Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Code signing in OpenBSD

2007-12-05 Thread Nick Guenther
On 12/5/07, Lars Hansson [EMAIL PROTECTED] wrote:
 On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote:
  I've searched OpenBSD.org and google for source code signing practices in
  OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
  curious about this... is the process described someplace?

 No. OpenBSD doesn't sign code.

Well, there's the MD5 files (e.g.
http://openbsd.arcticnetwork.ca/pub/OpenBSD/4.2/i386/MD5).
but yeah, for the most part OpenBSD doesn't need it.
-Nick



Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Nick Guenther wrote:
 
 Well, there's the MD5 files (e.g.
 http://openbsd.arcticnetwork.ca/pub/OpenBSD/4.2/i386/MD5).
 but yeah, for the most part OpenBSD doesn't need it.
 -Nick
 

Could you explain in more detail? Why doesn't OpenBSD need to use pgp keys?
Really, I'm not trying to start anything, I just want to understand.
Especially since everyone else seems to do it. FreeBSD, NetBSD, Linux
Kernel, etc... they all employ some sort of PKI mechanism... so how does
OpenBSD handle these sort of things?

-- 
View this message in context: 
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Code signing in OpenBSD

2007-12-05 Thread bofh
On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote:
 Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
 user community? Knowing that xyz binary is signed by OpenBSD for
 distribution or abc email came from an official OpenBSD source is a good
 thing. Trojaned binaries and forged emails happen. PKI can help mitigate
 this. The benefit of PKI is widely known and accepted and does not need to
 be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
 does not use it, that's all I'm saying. I also thought there would be a real
 reason for not doing so and there may in fact be and I may just be unaware
 of it.

What are the risks you are trying to address?  What are the widely
known benefits of PKI?  Who downloads and installs openbsd binaries
*FROM AN EMAIL*?

Would you consider Bruce Schneier to be knowledgeable about PKI?  Have you read:
http://www.schneier.com/paper-pki.html



-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
Ah, my apologies. I was looking at the wrong thing. No further comment.

On Dec 5, 2007 6:18 PM, Brad Tilley [EMAIL PROTECTED] wrote:

 Wow, my surprise grows... I shall no longer add to this thread... Bye now.

 http://www.kernel.org/signature.html
 http://www.freebsd.org/doc/pgpkeyring.txt

 * One example of a signed Linux Kernel patch... there are many others:
 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-2.6.9.sign

 * One example of signed FreeBSD code... there are others:

 http://taosecurity.blogspot.com/2007/11/updating-freebsd-70-beta2-to-70-beta3.html

 Some examples of signed communications from FreeBSD & NetBSD:
 http://www.freebsd.org/internal/ssh-keys.asc
 http://mail-index.netbsd.org/netbsd-announce/2004/02/20/.html


 On Dec 5, 2007 12:59 PM, Kevin Stam  [EMAIL PROTECTED] wrote:

  For one thing, I think you're quite confused. Unless I'm missing
  something, I'm not noticing the FreeBSD, NetBSD, Linux kernel developers
  signing their code, or doing anything particularly differently from the
  OpenBSD developers. Please explain.
 
  You've also conveniently ignored bofh's question. Why do you see this as
  being an issue? What risks does PKI mitigate? Did you just vaguely read
  somewhere in an advertisement about the supposed security benefits?



Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
For one thing, I think you're quite confused. Unless I'm missing something,
I'm not noticing the FreeBSD, NetBSD, Linux kernel developers signing
their code, or doing anything particularly differently from the OpenBSD
developers. Please explain.

You've also conveniently ignored bofh's question. Why do you see this as
being an issue? What risks does PKI mitigate? Did you just vaguely read
somewhere in an advertisement about the supposed security benefits?

On Dec 5, 2007 5:22 PM, new_guy [EMAIL PROTECTED] wrote:

 Nick Guenther wrote:
 
  Well, there's the MD5 files (e.g.
  http://openbsd.arcticnetwork.ca/pub/OpenBSD/4.2/i386/MD5).
  but yeah, for the most part OpenBSD doesn't need it.
  -Nick
 

 Could you explain in more detail? Why doesn't OpenBSD need to use pgp
 keys?
 Really, I'm not trying to start anything, I just want to understand.
 Especially since everyone else seems to do it. FreeBSD, NetBSD, Linux
 Kernel, etc... they all employ some sort of PKI mechanism... so how does
 OpenBSD handle these sort of things?

 --
 View this message in context:
 http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001
 Sent from the openbsd user - misc mailing list archive at Nabble.com.


JI



Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
BOFH-5 wrote:
 
 Would you consider Bruce Schneier to be knowledgeable about PKI?  Have you
 read:
 http://www.schneier.com/paper-pki.html
 

Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys
as you seem to. In fact, he has a few of his own:

Bruce Schneier [EMAIL PROTECTED]  0x4C92D93D  2048  1997/10/16  Never
Bruce Schneier [EMAIL PROTECTED]  0x7EDE4C65  1024  1995/09/26  Never

Look him and his company Counterpane up yourself:

http://keyserver.veridis.com:11371/

-- 
View this message in context: 
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176573
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Code signing in OpenBSD

2007-12-05 Thread Rui Miguel Silva Seabra
On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote:
  I'm surprised that OpenBSD (the most secure OS I know of)
  does not use it, that's all I'm saying. I also thought there would be a real
  reason for not doing so and there may in fact be and I may just be unaware
  of it.
 
 OpenBSD is the most secure OS, the devs know what they are doing.. and
 they've rejected this as unnecessary.

I don't see what is the problem with blessing a fingerprint of the
binaries with a PKI signature, which would mean that *these* are the
binaries the devs intended to release.

Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.

 You can check the MD5 files for the main distribution, and for
 packages.. well the official OpenBSD mirrors are all trustworthy--if
 they aren't, it will be discovered and they will no longer be official
 mirrors.
 This isn't a great answer, I know.

Definitely not a great answer, as there are vectors of attack which
cover the client accessing the mirror and not the mirror in itself, like
changing on-the-fly the md5sums to match the bad binaries, etc...

A digital signature would enable the non-repudiation of the fingerprints
file (at least), giving a moderate level of assurance that attack
vectors would have to concentrate on upstream development servers (where
the devs *really* know what they are doing).

Rui

-- 
Hail Eris!
Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
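Rui's point above, that an attacker sitting between the client and the mirror can rewrite the checksum file on the fly to match replaced binaries, and Doug's point earlier in the thread that a signature only helps if the verifying key arrives over a second channel, in an added example that is not code from the thread or from the OpenBSD project. It builds a mirror release with a BSD-style `SHA256 (name) = hex` manifest (the layout of the MD5 files on the mirrors, with SHA-256 substituted), a developer-side step that signs the manifest with an Ed25519 key, a man-in-the-middle that swaps one file and regenerates the manifest, and two client checks: `VerifyUnsigned` does what checking the bare checksum file does, and `VerifySigned` first verifies the manifest signature with a public key assumed to have been obtained out of band. File names, contents, the key pair and the Ed25519/SHA-256 choice are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Release is what a client fetches from a mirror: the file sets, the
// checksum manifest, and a detached signature over that manifest.
type Release struct {
	Files    map[string][]byte
	Manifest string
	Sig      []byte
}

// buildManifest emits one "SHA256 (name) = hex" line per file, the BSD
// checksum format of the MD5 files on the mirrors, with SHA-256 instead.
func buildManifest(files map[string][]byte) string {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(files[n])
		fmt.Fprintf(&b, "SHA256 (%s) = %s\n", n, hex.EncodeToString(sum[:]))
	}
	return b.String()
}

// Publish is the developer side: build the manifest and sign it with a
// key that never sits on the mirror. Only this step needs the private key.
func Publish(priv ed25519.PrivateKey, files map[string][]byte) Release {
	m := buildManifest(files)
	return Release{Files: files, Manifest: m, Sig: ed25519.Sign(priv, []byte(m))}
}

// Tamper models the man-in-the-middle in the thread: swap one file and
// regenerate the checksum file so the sums match; the old signature stays.
func Tamper(r Release, name string, evil []byte) Release {
	files := make(map[string][]byte, len(r.Files))
	for k, v := range r.Files {
		files[k] = v
	}
	files[name] = evil
	return Release{Files: files, Manifest: buildManifest(files), Sig: r.Sig}
}

// checkManifest verifies that the manifest lists exactly the fetched
// files and that every file matches its manifest line.
func checkManifest(r Release) error {
	lines := strings.Split(strings.TrimSpace(r.Manifest), "\n")
	if len(lines) != len(r.Files) {
		return fmt.Errorf("%d files fetched but %d listed in manifest", len(r.Files), len(lines))
	}
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) != 4 || f[0] != "SHA256" || f[2] != "=" {
			return fmt.Errorf("malformed manifest line: %q", line)
		}
		name := strings.Trim(f[1], "()")
		data, ok := r.Files[name]
		if !ok {
			return fmt.Errorf("manifest lists %s but it was not fetched", name)
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != f[3] {
			return fmt.Errorf("checksum mismatch for %s", name)
		}
	}
	return nil
}

// VerifyUnsigned is what a bare checksum file from the same mirror buys
// you: protection against corruption, none against whoever owns the path.
func VerifyUnsigned(r Release) error { return checkManifest(r) }

// VerifySigned first checks the manifest signature with a public key the
// user obtained out of band (CD, a talk, a second channel), then the files.
func VerifySigned(pub ed25519.PublicKey, r Release) error {
	if !ed25519.Verify(pub, []byte(r.Manifest), r.Sig) {
		return fmt.Errorf("manifest signature invalid: manifest altered or wrong key")
	}
	return checkManifest(r)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample file sets, not real OpenBSD artifacts.
	good := Publish(priv, map[string][]byte{"base.tgz": []byte("base contents"), "bsd": []byte("kernel")})
	bad := Tamper(good, "bsd", []byte("trojaned kernel"))
	fmt.Println("genuine, signed:        ", VerifySigned(pub, good))
	fmt.Println("tampered, checksum-only:", VerifyUnsigned(bad)) // nil: the rewrite is not noticed
	fmt.Println("tampered, signed:       ", VerifySigned(pub, bad))
}
```

`VerifyUnsigned` returns nil for the tampered set because the manifest was regenerated to match, which is exactly the attack the bare MD5 file cannot withstand; `VerifySigned` rejects it because the regenerated manifest no longer verifies under the signature. The signature does not remove the trust problem, it moves it: everything now rests on the client holding the right public key, which is why the thread keeps returning to how that key gets to the user.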



Re: Code signing in OpenBSD

2007-12-05 Thread Brad Tilley
Wow, my surprise grows... I shall no longer add to this thread... Bye now.

http://www.kernel.org/signature.html
http://www.freebsd.org/doc/pgpkeyring.txt

* One example of a signed Linux Kernel patch... there are many others:
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-2.6.9.sign

* One example of signed FreeBSD code... there are others:
http://taosecurity.blogspot.com/2007/11/updating-freebsd-70-beta2-to-70-beta3.html

Some examples of signed communications from FreeBSD & NetBSD:
http://www.freebsd.org/internal/ssh-keys.asc
http://mail-index.netbsd.org/netbsd-announce/2004/02/20/.html

On Dec 5, 2007 12:59 PM, Kevin Stam [EMAIL PROTECTED] wrote:

 For one thing, I think you're quite confused. Unless I'm missing
 something, I'm not noticing the FreeBSD, NetBSD, Linux kernel developers
 signing their code, or doing anything particularly differently from the
 OpenBSD developers. Please explain.

 You've also conveniently ignored bofh's question. Why do you see this as
 being an issue? What risks does PKI mitigate? Did you just vaguely read
 somewhere in an advertisement about the supposed security benefits?



Re: Code signing in OpenBSD

2007-12-05 Thread Ted Unangst
On 12/5/07, new_guy [EMAIL PROTECTED] wrote:
 Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
 user community?

yes.



Re: Code signing in OpenBSD

2007-12-05 Thread Bob Beck
 Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
 user community? Knowing that xyz binary is signed by OpenBSD for
 distribution or abc email came from an official OpenBSD source is a good
 thing. Trojaned binaries and forged emails happen. PKI can help mitigate
 this. The benefit of PKI is widely known and accepted and does not need to
 be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
 does not use it, that's all I'm saying. I also thought there would be a real
 reason for not doing so and there may in fact be and I may just be unaware
 of it.


If you want a secure binary, buy an official CD. This is
what most people do.  PKI requires infrastructure that would cost OpenBSD
money and developer time. Official CDs keep OpenBSD alive.

Oh wait, we should devote resources to people who care about
security, just not enough to spend $50 on it..   Yeah. I'll get right
on that.

-Bob



Re: Code signing in OpenBSD

2007-12-05 Thread bofh
On Dec 5, 2007 12:41 PM, new_guy [EMAIL PROTECTED] wrote:
 BOFH-5 wrote:
 
  Would you consider Bruce Schneier to be knowledgeable about PKI?  Have you
  read:
  http://www.schneier.com/paper-pki.html
 

 Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys
 as you seem to. In fact, he has a few of his own:

I'm not ridiculing PGP keys.  I used to run PKI (Entrust) at a Fortune
100 company.  Whenever I hear people screaming about using PKI, I
always want to know - exactly what problem are you trying to solve or
prevent, or what risk you are trying to address.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-05 Thread Nick Guenther
On 12/5/07, new_guy [EMAIL PROTECTED] wrote:
 Harpalus a Como wrote:
 
  What is the benefit of doing so? What's the point? Is the website so
  likely
  to be hacked into, that the developers need to sign all communication just
  to ensure that it comes from them? There's absolutely no need to signing
  errata or official communications. Name one justifiable use for them. If
  the
  OpenBSD developers didn't care about secure communications, then OpenSSH
  would not exist.
 

 Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
 user community? Knowing that xyz binary is signed by OpenBSD for
 distribution or abc email came from an official OpenBSD source is a good
 thing. Trojaned binaries and forged emails happen. PKI can help mitigate
 this. The benefit of PKI is widely known and accepted and does not need to
 be rehashed here.

Are you *sure* of that? You might want to read
http://www.schneier.com/paper-pki-ft.txt

 I'm surprised that OpenBSD (the most secure OS I know of)
 does not use it, that's all I'm saying. I also thought there would be a real
 reason for not doing so and there may in fact be and I may just be unaware
 of it.

OpenBSD is the most secure OS, the devs know what they are doing.. and
they've rejected this as unnecessary.
You can check the MD5 files for the main distribution, and for
packages.. well the official OpenBSD mirrors are all trustworthy--if
they aren't, it will be discovered and they will no longer be official
mirrors.
This isn't a great answer, I know.

-Nick



Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Harpalus a Como wrote:
 
 What is the benefit of doing so? What's the point? Is the website so
 likely
 to be hacked into, that the developers need to sign all communication just
 to ensure that it comes from them? There's absolutely no need to signing
 errata or official communications. Name one justifiable use for them. If
 the
 OpenBSD developers didn't care about secure communications, then OpenSSH
 would not exist.
 

Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community? Knowing that xyz binary is signed by OpenBSD for
distribution or abc email came from an official OpenBSD source is a good
thing. Trojaned binaries and forged emails happen. PKI can help mitigate
this. The benefit of PKI is widely known and accepted and does not need to
be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
does not use it, that's all I'm saying. I also thought there would be a real
reason for not doing so and there may in fact be and I may just be unaware
of it.
-- 
View this message in context: 
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Code signing in OpenBSD

2007-12-05 Thread Ted Unangst
On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
 Come on... twice a year and get the benefit of not being excluded from
 company policies which require digital signature of software downloaded
 through the internet.

sign it yourself, then download it.  problem solved.



Re: Code signing in OpenBSD

2007-12-05 Thread Rod Whitworth
On Wed, 5 Dec 2007 08:46:16 -0800 (PST), new_guy wrote:

Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community? Knowing that xyz binary is signed by OpenBSD for
distribution or abc email came from an official OpenBSD source is a good
thing. Trojaned binaries and forged emails happen. PKI can help mitigate
this. The benefit of PKI is widely known and accepted and does not need to
be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
does not use it, that's all I'm saying. I also thought there would be a real
reason for not doing so and there may in fact be and I may just be unaware
of it.

Hmm, you have a financial interest in a CA? Or you just believe you
know more about PKI security than Schneier does?

http://www.schneier.com/paper-pki.html

Now tell us all why you would trust PKI so absolutely.


Rod/

Me...a skeptic?  I trust you have proof.



Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
Yes, that's what I gathered was meant. Going into PKI and code signing,
however, I assumed he meant signing and verifying the underlying source
code, and navigating the trees, I haven't noticed that.

Evidently he meant signing binary packages. In that case, I can kind of
understand the requirement - particularly for business - but whether it's
worth it is up to the OpenBSD team, not me. :) I'm having trouble seeing how
somebody could easily manage to get a compromised binary onto OpenBSD
servers. Seems more trouble to implement than it's worth.

On Dec 5, 2007 7:13 PM, Dave Ewart [EMAIL PROTECTED] wrote:

 On Wednesday, 05.12.2007 at 17:59 +, Kevin Stam wrote:

  For one thing, I think you're quite confused. Unless I'm missing
  something, I'm not noticing the FreeBSD, NetBSD, Linux kernel
  developers signing their code, or doing anything particularly
  differently from the OpenBSD developers. Please explain.

 I'm guessing that he's referring to the fact that some Linux
 *distributions* (not the kernel developers or necessarily any of the
 components) sign their binary packages: for example Debian do this.

 I believe one of the supposed benefits of this is that it allows anyone
 to set up a public Debian mirror and, after checking the signatures
 during download, one can be sure that they are 'real' Debian packages.

 I believe that in some circumstances this may lead to a false sense of
 security:

 - Said mirror could have old (vulnerable) versions of packages.  Just
  because they're signed doesn't mean they're safe;

 - The signing relates only to the packaging: if the underlying source
  code is compromised, then all bets are off.

 Would signing help for OpenBSD?  I don't particularly see that it would,
 given that you are trading off the hassle of implementing it,
 maintaining it and so on, against the benefits of doing so, which are
 probably small or non-existent.

 Dave.

 --
 Dave Ewart [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee
 All email from me is now digitally signed, http://www.sungate.co.uk/
 Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

 [demime 1.01d removed an attachment of type application/pgp-signature
 which had a name of signature.asc]



Re: Code signing in OpenBSD

2007-12-05 Thread Floor Terra

On Dec 5, 2007, at 7:46 PM, Rui Miguel Silva Seabra wrote:


I don't see what is the problem with blessing a fingerprint of the
binaries with a PKI signature, which would mean that *these* are the
binaries the devs intended to release.


Who would sign the binaries?
Would each package maintainer sign his own packages?
Does Theo have to sign each package?
I don't see a problem in having signatures for software but I do see
problems in creating and maintaining an infrastructure for these
signatures.

And what would you gain?
What guarantees would these signatures give you?
You can verify package consistency with md5 sums.

If you are paranoid, why would you trust the devs? You would just
compile the software yourself. But only after reading each line of
code of course.



Floor Terra



Re: Code signing in OpenBSD

2007-12-05 Thread Brad Tilley
If you want a secure binary. buy an official CD.. This is
 what most people do.  PKI requires infrastructure that would cost OpenBSD
 money and developer time. Official CD's keep OpenBSD alive.

Oh wait, we should devote resources to people who care about
 security, just not enough to spend $50 on it..   Yeah. I'll get right
 on that.


I do buy CDs. T-shirts too. I also donate. You guys live up to the
reputation :)



Re: Code signing in OpenBSD

2007-12-05 Thread Nick Bender
On Dec 5, 2007 2:23 PM, Ted Unangst [EMAIL PROTECTED] wrote:
 On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
  Come on... twice a year and get the benefit of not being excluded from
  company policies which require digital signature of software downloaded
  through the internet.

 sign it yourself, then download it.  problem solved.


Buy the CDs?



Re: Code signing in OpenBSD

2007-12-05 Thread Marco Peereboom
blah blah blah

have you ever wondered why openbsd doesn't do binary updates?

maybe you are now going to be able to figure out why we don't need
complex signing mechanisms.

On Wed, Dec 05, 2007 at 06:46:01PM +, Rui Miguel Silva Seabra wrote:
 On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote:
   I'm surprised that OpenBSD (the most secure OS I know of)
   does not use it, that's all I'm saying. I also thought there would be a 
   real
   reason for not doing so and there may in fact be and I may just be unaware
   of it.
  
  OpenBSD is the most secure OS, the devs know what they are doing.. and
  they've rejected this as unnecessary.
 
 I don't see what is the problem with blessing a fingerprint of the
 binaries with a PKI signature, which would mean that *these* are the
 binaries the devs intended to release.
 
 Come on... twice a year and get the benefit of not being excluded from
 company policies which require digital signature of software downloaded
 through the internet.
 
  You can check the MD5 files for the main distribution, and for
  packages.. well the official OpenBSD mirrors are all trustworthy--if
  they aren't, it will be discovered and they will no longer be official
  mirrors.
  This isn't a great answer, I know.
 
 Definitely not a great answer, as there are vectors of attack which
 cover the client accessing the mirror and not the mirror in itself, like
 changing on-the-fly the md5sums to match the bad binaries, etc...
 
 A digital signature would enable the non-repudiation of the fingerprints
 file (at least), giving a moderate level of assurance that attack
 vectors would have to concentrate on upstream development servers (where
 the devs *really* know what they are doing).
 
 Rui
 
 -- 
 Hail Eris!
 Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173
 + No matter how much you do, you never do enough -- unknown
 + Whatever you do will be insignificant,
 | but it is very important that you do it -- Gandhi
 + So let's do it...?



Re: Code signing in OpenBSD

2007-12-05 Thread Nick Guenther
On 12/5/07, bofh [EMAIL PROTECTED] wrote:

 Why, I tell you, if you can just make openbsd more like windows,
 you'll get a lot more users  Don't you care about
 market share?  (Cue Theo's story about the VC who tried to dotcom-ize
 openbsd :-))

Oh? What story is that? I can't google it.

 Maybe the faq needs a prequel in front of it - if you are not willing
 to do the work, don't use openbsd.

Doesn't it already have that, pretty much?

-Nick



Re: Code signing in OpenBSD

2007-12-05 Thread bofh
That's irrelevant (the impersonating bit).

What you have to understand is this - this is not a commercial
venture, nor is openbsd looking to grow marketshare or ease of use or
anything.  This is a project by developers for themselves.

Yes, they do sell CDs and so on to help support the project, and yes
they have users that they support.  But the moment the users become
annoying and pass a certain threshold (which is different for
different developers) those users become lusers (not saying you are
one, btw).

So, look at their objectives - does using pki solve anything for them?
No, not really.  Signing source code that goes into the tree - does
it help?  No, if an intruder got in, they would have gotten the key
anyway.  Signing binaries?  What's on the primary server is considered
authoritative.  Or you can compile your own.  Binary updates?  Don't
do it.  Mirrors - they currently use MD5 which is cheap and fast and
good enough.

So, to put in a complicated pki and so on would add overhead that is
really useless to the developers.  It may benefit some users.  But
does the benefit outweigh the cost?  Not currently, according to the
developers.

Now, if you're willing to fund it, and do the work, and manage to
gain Theo's trust, then you get to do it.  But else, I don't really
see the devs taking on this additional work for fun.  And ultimately
that's what they're doing - having fun.

Now, it could be that tomorrow one of the devs catches the pki bug -
then suddenly, all these can and will happen.  But I doubt it.





On 12/5/07, new_guy [EMAIL PROTECTED] wrote:
 Bob Beck-2 wrote:
 
  If you want a secure binary. buy an official CD.. This is
  what most people do.  PKI requires infrastructure that would cost OpenBSD
  money and developer time. Official CD's keep OpenBSD alive.
 
  Oh wait, we should devote resources to people who care about
  security, just not enough to spend $50 on it..   Yeah. I'll get right
  on that.
 
  -Bob
 

 One last thought. You insinuate in this post that I do not buy CDs or
 support OpenBSD. I claim that I do. There is a person listed by my name on
 the donations page... but since I was not given the opportunity to digitally
 sign my donation ;) I could just be impersonating that person. How is that
 for irony? I'll go away now.

 Thanks,
 Brad

 --
 View this message in context:
 http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803
 Sent from the openbsd user - misc mailing list archive at Nabble.com.




-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Bob Beck-2 wrote:
 
   If you want a secure binary. buy an official CD.. This is
 what most people do.  PKI requires infrastructure that would cost OpenBSD
 money and developer time. Official CD's keep OpenBSD alive. 
 
   Oh wait, we should devote resources to people who care about
 security, just not enough to spend $50 on it..   Yeah. I'll get right
 on that.
 
   -Bob
 

One last thought. You insinuate in this post that I do not buy CDs or
support OpenBSD. I claim that I do. There is a person listed by my name on
the donations page... but since I was not given the opportunity to digitally
sign my donation ;) I could just be impersonating that person. How is that
for irony? I'll go away now.

Thanks,
Brad

-- 
View this message in context: 
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Lars Hansson-5 wrote:
 
 No. OpenBSD doesn't sign code.
 
 ---
 Lars Hansson
 

Oh, that surprises me. Are OpenPGP signatures used for anything? Errata,
official communication, etc... Maybe this is a stupid question, but it seems
everyone does it these days... even small software projects. Not being
critical of OpenBSD (I love it and buy CDs), just curious as to the reasoning
for not using pgp/gpg keys to sign stuff, secure communication, etc.


-- 
View this message in context: 
http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Code signing in OpenBSD

2007-12-05 Thread Claus Assmann
On Wed, Dec 05, 2007, STeve Andre' wrote:

 Yes, one can dismiss the benefits.  Think about what an MD5 (or any
 other cryptographic) checksum means.  If the OpenBSD site publishes
 that list, how does something more complicated help?

 Answer: it doesn't.

Wrong.

If someone cracks a website, then he can put up a modified binary
and a modified MD5 checksum. Creating a (digital) signature (with
the right key) is significantly more complex.

Using CDs to distribute the code makes the attack of course rather
complicated.

Someone actually did the former with sendmail.org (to distribute a
version of sendmail with a backdoor).  The problem was only noted
because users checked the (digital) signature.
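To make the distinction Claus draws concrete (and the on-the-fly md5sum substitution Rui describes earlier in the thread), here is an added Go program. It is not from the thread, from OpenBSD or from any of the posters. It constructs a tiny two-file release, renders a checksum list in the "HASH (file) = hex" style of OpenBSD's MD5 files (SHA-256 here, an assumption), and signs that list with an Ed25519 key standing in for whatever key the project would hold offline (the thread only mentions MD5 and PGP; Ed25519 and the file names are my choices). It then checks both verifiers against an honest mirror and against one that swapped the kernel and rewrote the checksum list to match: the bare checksum check passes on the tampered mirror, because the list and the files were rewritten together, while the signature check fails, because the mirror cannot produce a valid signature over the rewritten list.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Constructed stand-ins for a release's files; real sets are tarballs.
var releaseFiles = map[string][]byte{
	"base42.tgz": []byte("constructed base set contents"),
	"bsd":        []byte("constructed kernel contents"),
}

func digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// checksumList renders "SHA256 (name) = hex" lines, sorted by name so the
// text, and therefore a signature over it, is reproducible.
func checksumList(files map[string][]byte) string {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "SHA256 (%s) = %s\n", n, digest(files[n]))
	}
	return b.String()
}

// parseChecksumList reads that format back into name -> hex digest and
// rejects anything that does not look like a checksum line.
func parseChecksumList(list string) (map[string]string, error) {
	out := map[string]string{}
	for _, line := range strings.Split(strings.TrimSpace(list), "\n") {
		end := strings.LastIndex(line, ") = ")
		if !strings.HasPrefix(line, "SHA256 (") || end < 0 {
			return nil, fmt.Errorf("malformed checksum line: %q", line)
		}
		out[line[len("SHA256 ("):end]] = line[end+len(") = "):]
	}
	return out, nil
}

// verifyChecksums checks files against a list fetched from the same place.
// It only proves that the list and the files agree with each other.
func verifyChecksums(list string, files map[string][]byte) (bool, error) {
	want, err := parseChecksumList(list)
	if err != nil {
		return false, err
	}
	for name, data := range files {
		if want[name] != digest(data) {
			return false, nil
		}
	}
	return true, nil
}

// verifySignedChecksums first checks a detached signature over the list with
// the project's public key (obtained out of band, say from a CD), then the checksums.
func verifySignedChecksums(pub ed25519.PublicKey, list string, sig []byte, files map[string][]byte) (bool, error) {
	if !ed25519.Verify(pub, []byte(list), sig) {
		return false, nil
	}
	return verifyChecksums(list, files)
}

// scenario runs both verifiers against an honest mirror and a compromised
// one that swapped the kernel and rewrote the checksum list to match.
// Results: honest plain, honest signed, tampered plain, tampered signed.
func scenario() (hp, hs, tp, ts bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // the offline release key
	if err != nil {
		panic(err)
	}
	list := checksumList(releaseFiles)
	sig := ed25519.Sign(priv, []byte(list)) // published beside the list
	hp, _ = verifyChecksums(list, releaseFiles)
	hs, _ = verifySignedChecksums(pub, list, sig, releaseFiles)
	bad := map[string][]byte{}
	for n, d := range releaseFiles {
		bad[n] = d
	}
	bad["bsd"] = []byte("constructed backdoored kernel contents")
	badList := checksumList(bad)                          // attacker rewrote the list too
	tp, _ = verifyChecksums(badList, bad)                 // passes: list matches files
	ts, _ = verifySignedChecksums(pub, badList, sig, bad) // fails: sig is over the old list
	return hp, hs, tp, ts
}
```

The design point is where the public key comes from: it only helps if it reached the verifier by a path the mirror does not control, which is why several posters keep coming back to the CD. For what it is worth, OpenBSD later took exactly this route itself with signify(1), introduced in 5.5, which signs the SHA256 file rather than every individual set.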



Re: Code signing in OpenBSD

2007-12-05 Thread Dave Ewart
On Wednesday, 05.12.2007 at 17:59 +, Kevin Stam wrote:

 For one thing, I think you're quite confused. Unless I'm missing
 something, I'm not noticing the FreeBSD, NetBSD, Linux kernel
 developers signing their code, or doing anything particularly
 differently from the OpenBSD developers. Please explain.

I'm guessing that he's referring to the fact that some Linux
*distributions* (not the kernel developers or necessarily any of the
components) sign their binary packages: for example Debian do this.

I believe one of the supposed benefits of this is that it allows anyone
to set up a public Debian mirror and, after checking the signatures
during download, one can be sure that they are 'real' Debian packages.

I believe that in some circumstances this may lead to a false sense of
security:

- Said mirror could have old (vulnerable) versions of packages.  Just
  because they're signed doesn't mean they're safe;

- The signing relates only to the packaging: if the underlying source
  code is compromised, then all bets are off.

Would signing help for OpenBSD?  I don't particularly see that it would,
given that you are trading off the hassle of implementing it,
maintaining it and so on, against the benefits of doing so, which are
probably small or non-existent.

Dave.

--
Dave Ewart [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee
All email from me is now digitally signed, http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]



Re: Code signing in OpenBSD

2007-12-05 Thread Rui Miguel Silva Seabra
On Wed, Dec 05, 2007 at 11:23:28AM -0800, Ted Unangst wrote:
 On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
  Come on... twice a year and get the benefit of not being excluded from
  company policies which require digital signature of software downloaded
  through the internet.
 
 sign it yourself, then download it.  problem solved.

Forgive them, for they know not what they say... *sigh* :)

Rui

-- 

Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?



Re: Code signing in OpenBSD

2007-12-05 Thread Tony Abernethy
Claus Assmann wrote:
 
 Wrong.
 
 If someone cracks a website, then he can put up a modified binary
 and a modified MD5 checksum. 

This is silly. You mean that you get the checksums and the 
associated binaries from the *SAME* website? 



Re: Code signing in OpenBSD

2007-12-05 Thread bofh
On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote:
 Claus Assmann wrote:
 
  Wrong.
 
  If someone cracks a website, then he can put up a modified binary
  and a modified MD5 checksum.

 This is silly. You mean that you get the checksums and the
 associated binaries from the *SAME* website?

You're probably being sarcastic, but in the case of the master site,
it doesn't matter, because all the slaves probably rsync from the
master anyway.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-05 Thread STeve Andre'
On Wednesday 05 December 2007 11:46:16 new_guy wrote:
 Harpalus a Como wrote:
  What is the benefit of doing so? What's the point? Is the website so
  likely
  to be hacked into, that the developers need to sign all communication
  just to ensure that it comes from them? There's absolutely no need to
  signing errata or official communications. Name one justifiable use for
  them. If the
  OpenBSD developers didn't care about secure communications, then
  OpenSSH would not exist.

 Can you dismiss PKI and the benefits that OpenPGP signatures provide to
 your user community? Knowing that xyz binary is signed by OpenBSD for
 distribution or abc email came from an official OpenBSD source is a good
 thing. Trojaned binaries and forged emails happen. PKI can help mitigate
 this. The benefit of PKI is widely known and accepted and does not need to
 be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
 does not use it, that's all I'm saying. I also thought there would be a
 real reason for not doing so and there may in fact be and I may just be
 unaware of it.

Yes, one can dismiss the benefits.  Think about what an MD5 (or any
other cryptographic) checksum means.  If the OpenBSD site publishes
that list, how does something more complicated help?

Answer: it doesn't.

--STeve Andre'



Re: Code signing in OpenBSD

2007-12-05 Thread Gilbert Fernandes
On Wed, Dec 05, 2007 at 08:46:16AM -0800, new_guy wrote:

 Can you dismiss PKI

Seems they do.

The problem of signing code does not remove the problem
of checking the signature.

When you sign code and when you ask developers to do so,
they need to own some private key which will let you check
on the other side with a public key.

This private key will have to be very well protected. Now,
what happens if there's a problem and that key is lost
or stolen? And more specifically, what will happen if this
very trouble happens and no one sees it? The key can
be stolen without anyone knowing, and then? Of course, a
blatant and direct hack will be detected, but someone who does
steal a private key is very cautious in acting as if the key
is still secure (exactly like the Allies were able to decipher
Enigma-encoded messages because of re-use of IV-like blocks
by those responsible for German submarine crypto, or predictable IV-like
blocks according to the date on the calendar: the Allies could read a lot
but did not act on most and let some ships go down because they
needed that secret, being able to decipher, to be kept a secret
in order to remain a strategic advantage).

You have two main things here. The code signing can be used
in the development process to only let developers add code
(this would be another layer over the authentication that already
exists when they do cvs commits to the OpenBSD source tree)
and that's Theo's (and his developers') choice. If the technology
is available and those clever guys don't use it, I think there's
a *hint* there. History has proven Theo and his folks do know
a lot about security and especially its culture.

Then, you have the distribution itself. Having the hashes
stored at the same place as the files themselves is not the best
thing, because if someone is able to change a file on an FTP server
(be it an official or non-official FTP repository) I would hope
this cracker will be clever enough to also update the hash files.

Having the hashes signed in some way could help if they
are stored at the same place as the binary or source files, and if
it's writable media. OK. Why not. But how many people are
really going to download sources and/or binaries and have
gnupg installed locally PLUS have the public key that goes
with the signing private key and are going to check? Very, very
few.

If you want this to work, it has to be automated. Otherwise,
it's going to be a lot of work, a lot of time spent by people
that are quite busy and not for a lot of people on the other
side that will really use it.

And here comes the head of the nightmare snake we all know
about: implementation.

Security is a good thing to have. Ideas that can improve it
too. But implementation is critical, as it's very often a weak
point to attack (remember Netscape's PRNG generator used
to attack its SSL ?)

And if I remember correctly, Theo often said that if you do
think a feature is missing, you should code and shut up, and
when it's working, tell people about it: hey guys, I did start
from OpenBSD and did this and that to improve the distribution's
security, how about using it now since it works and it's a really
friendly license?

I thus do not think that adding signing to sources will help
that much, and if it does, the openbsd devs will do it if it's
really a good thing (openbsd, openssh.. those guys fucking
know what they are doing man..)

Signing the hashes could help but you do know very few
people are really going to check those.

And when you do a binary installation, you have hashes of the
packages (source and binary) that are used and automatically
checked when using ports. This is good because it is systematic
and automated. But the problem of trust remains: a signature
proves nothing. It just tells you that a package is indeed
signed by someone you probably don't personally know, and you
should ask yourself if you trust him/her.

And if it comes to a trust problem, well don't use it.
History did prove them right and serious and that's enough
for me.

And I trust my backups first or before anything else.

-- 
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ;
yes ; fsck ; umount ; sleep



Re: Code signing in OpenBSD

2007-12-05 Thread STeve Andre'
On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:
 On Wed, Dec 05, 2007, STeve Andre' wrote:
  Yes, one can dismiss the benefits.  Think about what an MD5 (or any
  other cryptographic) checksum means.  If the OpenBSD site publishes
  that list, how does something more complicated help?
 
  Answer: it doesn't.

 Wrong.

 If someone cracks a website, then he can put up a modified binary
 and a modified MD5 checksum. Creating a (digital) signature (with
 the right key) is significantly more complex.

 Using CDs to distribute the code make the attack of course rather
 complicated.

 Someone actually did the former with sendmail.org (to distribute a
 version of sendmail with a backdoor).  The problem was only noted
 because users checked the (digital) signature.

You know, you're descending into a recursive loop of if, if, if... and
it never ends.  OF COURSE if someone breaks into the site they could
do things--once you've lost control of your site all bets are off.  I dare
say that someone breaking into a site might find all the appropriate
tools to re-sign things, too, and do the spoof that way.

--STeve Andre'



Re: Code signing in OpenBSD

2007-12-05 Thread Tony Abernethy
bofh wrote:
 On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote:
  Claus Assmann wrote:
  
   Wrong.
  
   If someone cracks a website, then he can put up a modified binary
   and a modified MD5 checksum.
 
  This is silly. You mean that you get the checksums and the
  associated binaries from the *SAME* website?
 
 You're probably being sarcastic, but in the case of the master site,
 it doesn't matter, because all the slaves probably rsync from the
 master anyway.

You know something is wrong when the checksum changes when
the files have not changed ;-)
 
 
 -- 
 http://www.glumbert.com/media/shift
 http://www.youtube.com/watch?v=tGvHNNOLnCk
 This officer's men seem to follow him merely out of idle curiosity.
 -- Sandhurst officer cadet evaluation.
 Securing an environment of Windows platforms from abuse - external or
 internal - is akin to trying to install sprinklers in a fireworks
 factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-05 Thread bofh
But, my god, you're asking people to do actual work?  Goddamn it, you
aren't doing your bit to improve the ease of use of people using
openbsd.  Where's the one click gui to install everything that I want
(but only what I want and nothing more!)?  It is positively
embarrassing that I have to use a text based installer when my linux
lusing friends can use a mouse and click install (never mind that I
get it done in a quarter of the time they do - but they have a pretty
gui, and it's even skinnable)

Why, I tell you, if you can just make openbsd more like windows,
you'll get a lot more users  Don't you care about
market share?  (Cue Theo's story about the VC who tried to dotcom-ize
openbsd :-))

Oh, by the way, can I have some dancing girls to come hold my hands as
I install it?

Maybe the faq needs a prequel in front of it - if you are not willing
to do the work, don't use openbsd.

Tongue in cheek

On 12/5/07, Marco Peereboom [EMAIL PROTECTED] wrote:
 blah blah blah

 have you ever wondered why openbsd doesn't do binary updates?

 maybe you are now going to be able to figure out why we don't need
 complex signing mechanisms.

 On Wed, Dec 05, 2007 at 06:46:01PM +, Rui Miguel Silva Seabra wrote:
  On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote:
I'm surprised that OpenBSD (the most secure OS I know of)
does not use it, that's all I'm saying. I also thought there would be
 a real
reason for not doing so and there may in fact be and I may just be
 unaware
of it.
  
   OpenBSD is the most secure OS, the devs know what they are doing.. and
   they've rejected this as unnecessary.
 
  I don't see what is the problem with blessing a fingerprint of the
  binaries with a PKI signature, which would mean that *these* are the
  binaries the devs intended to release.
 
  Come on... twice a year and get the benefit of not being excluded from
  company policies which require digital signature of software downloaded
  through the internet.
 
   You can check the MD5 files for the main distribution, and for
   packages.. well the official OpenBSD mirrors are all trustworthy--if
   they aren't, it will be discovered and they will no longer be official
   mirrors.
   This isn't a great answer, I know.
 
  Definitely not a great answer, as there are vectors of attack which
  cover the client acessing the mirror and not the mirror in itself, like
  changing on-the-fly the md5sums to match the bad binaries, etc...
 
  A digital signature would enable the non-repudiation of the fingerprints
  file (at least), giving a moderate level of assurance that attack
  vectors would have to concentrate on upstream development servers (where
  the devs *really* know what they are doing).
 
  Rui
 
  --
  Hail Eris!
  Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173
  + No matter how much you do, you never do enough -- unknown
  + Whatever you do will be insignificant,
  | but it is very important that you do it -- Gandhi
  + So let's do it...?




-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford



Re: Code signing in OpenBSD

2007-12-05 Thread Linus Swälas

On Thu, 06 Dec 2007 02:35:38 +0100, Gilbert Fernandes
[EMAIL PROTECTED] wrote:



 Signing the hashes could help but you do know very few
 people are really going to check those.


Or you pull the MD5s from another source than your packages;
not bloody likely that the two different sites you've selected
for download have both been hacked.
This does not protect against the master site being owned though,
though I guess that'd be noticed and announced.


Easy thing is to use the CDs though, just as people have already
stated. =)



--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/



Re: Code signing in OpenBSD

2007-12-05 Thread Gilbert Fernandes
On Thu, Dec 06, 2007 at 04:03:48AM +0100, Linus Swälas wrote:

 Or you pull the MD5s from another source than your packages,
 not bloody likely that the two different sites you've selected
 for download have both been hacked.
 This does not protect against the master site being owned though,
 though I guess that'd be noticed and announced.

Having this being the default on ports could be a good
thing perhaps. The script would download the package
from a FTP and hashes from another one. But the hashes
are already stored inside the folder of the package on the
ports.. so to what use ?

Sources that get downloaded are hashed and the value compared
to the one stored by the package maintainer.

And you have to trust this person to be serious. And even
if he is, if he grabs the latest version of sources for XYZ
and those got a hole non published (far, far easier to
use tools to check sources for potential holes to use rather
than go hack their repositories...) that won't change anything.

Security is a link as Bruce Schneier explained, and it will
break at its weakest point. And if it breaks anywhere, the
whole thing can go down.

Thus, security is a constant process. You select a good
quality operating system (a BSD for example) and you don't
install anything on it eyes closed. And you do backups.
And you store them in a media not connected to anything.
And you use various tools to check everything (firewall,
rootkit checker, arp tool, etc. etc. ad nauseam).

It's really an education.

And if you are cautious with backups and make it part
of your current life, when shit happens you have solutions.

And if shit can happen, it will.. :)

-- 
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ;
yes ; fsck ; umount ; sleep
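The check Gilbert describes, the downloaded sources hashed and compared with what the maintainer recorded, as an added example in Python; this is not the ports infrastructure's own code. It parses distinfo-style `ALG (file) = value` lines, which is the assumed line shape, accepts a digest written in either hex or base64 since both encodings have been used for such files, and verifies a SIZE line alongside the digests. The tarball bytes are constructed stand-ins. It deliberately fails closed: a missing entry, a size mismatch, or an entry whose algorithms this Python cannot compute all count as failure, never as a pass.

```python
import base64
import hashlib
import hmac
import re

# One "ALG (file) = value" line; SIZE lines use the same shape.
LINE = re.compile(r"^(?P<alg>[A-Z0-9]+) \((?P<file>[^)]+)\) = (?P<val>\S+)$")

def parse_distinfo(text):
    """Map file -> {ALG: value}; blank and comment lines are ignored."""
    out = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError("distinfo line %d unparsable: %r" % (n, line))
        out.setdefault(m["file"], {})[m["alg"]] = m["val"]
    return out

def decode_digest(value, nbytes):
    """Accept a digest written as hex or as base64; None if neither fits."""
    if re.fullmatch(r"[0-9a-fA-F]{%d}" % (2 * nbytes), value):
        return bytes.fromhex(value)
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:          # binascii.Error is a ValueError
        return None
    return raw if len(raw) == nbytes else None

def digest_status(alg, data, expected):
    """'ok', 'MISMATCH', or None when this Python cannot compute ALG."""
    try:
        raw = hashlib.new(alg.lower(), data).digest()
    except ValueError:
        return None
    want = decode_digest(expected, len(raw))
    return "ok" if want is not None and hmac.compare_digest(raw, want) else "MISMATCH"

def check_distfile(name, data, distinfo):
    """Verify one downloaded distfile against parsed distinfo.

    Returns (ok, report). ok is True only if every checkable digest and the
    SIZE agree and at least one real digest was checked."""
    entries = distinfo.get(name)
    if not entries:
        return False, {"error": "no distinfo entry for %s" % name}
    report, ok, checked = {}, True, 0
    for alg, val in entries.items():
        if alg == "SIZE":
            good = str(len(data)) == val
            report["SIZE"] = "ok" if good else "mismatch (got %d, want %s)" % (len(data), val)
        else:
            status = digest_status(alg, data, val)
            if status is None:
                report[alg] = "unsupported here, skipped"
                continue
            good = status == "ok"
            report[alg] = status
            checked += 1
        ok = ok and good
    if checked == 0:
        ok, report["error"] = False, "no digest could be checked"
    return ok, report

def make_distinfo(files):
    """Maintainer side: record MD5/SHA1 as hex, SHA256 as base64, plus SIZE."""
    lines = []
    for name, data in sorted(files.items()):
        lines.append("MD5 (%s) = %s" % (name, hashlib.md5(data).hexdigest()))
        lines.append("SHA1 (%s) = %s" % (name, hashlib.sha1(data).hexdigest()))
        lines.append("SHA256 (%s) = %s" % (name, base64.b64encode(hashlib.sha256(data).digest()).decode()))
        lines.append("SIZE (%s) = %d" % (name, len(data)))
    return "\n".join(lines) + "\n"

# Constructed stand-ins: the tarball the maintainer hashed, and a tampered copy.
GOOD_TARBALL = b"stand-in for foo-1.0.tar.gz contents\n"
TAMPERED_TARBALL = GOOD_TARBALL + b"extra bytes a backdoor would add\n"
DISTINFO = make_distinfo({"foo-1.0.tar.gz": GOOD_TARBALL})

if __name__ == "__main__":
    info = parse_distinfo(DISTINFO)
    print(check_distfile("foo-1.0.tar.gz", GOOD_TARBALL, info))
    print(check_distfile("foo-1.0.tar.gz", TAMPERED_TARBALL, info))
    print(check_distfile("bar-2.0.tar.gz", GOOD_TARBALL, info))
```

Note what a match does and does not establish: the bytes are the ones the maintainer hashed when the entry was recorded, nothing more. If the upstream release already carried a hole, every digest matches and the hole ships, which is exactly Gilbert's point.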



Re: Code signing in OpenBSD

2007-12-05 Thread Claus Assmann
On Wed, Dec 05, 2007, STeve Andre' wrote:
 On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:

  Someone actually did the former with sendmail.org (to distribute a
  version of sendmail with a backdoor).  The problem was only noted
  because users checked the (digital) signature.

 You know, you're descending into a recursive loop of if, if, if... and
 it never ends.  OF COURSE if someone breaks into the site they could
 do things--once you've lost control of your site all bets are off.  I dare
   

Hmm, did you read what I wrote?

The breakin was detected due to the digital signature.


Anyway, it's obviously up to the OpenBSD developers what they do.



Re: Code signing in OpenBSD

2007-12-05 Thread Lars Hansson
On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
 Come on... twice a year and get the benefit of not being excluded from
 company policies which require digital signature of software downloaded
 through the internet.

It's not really OpenBSD's problem that some companies implement pointless
security policies.

---
Lars Hansson



Re: Code signing in OpenBSD

2007-12-05 Thread Otto Moerbeek
On Wed, Dec 05, 2007 at 07:02:03PM -0800, Claus Assmann wrote:

 On Wed, Dec 05, 2007, STeve Andre' wrote:
  On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:
 
   Someone actually did the former with sendmail.org (to distribute a
   version of sendmail with a backdoor).  The problem was only noted
   because users checked the (digital) signature.
 
  You know, you're descending into a recursive loop of if, if, if... and
  it never ends.  OF COURSE if someone breaks into the site they could
  do things--once you've lost control of your site all bets are off.  I dare

 
 Hmm, did you read what I wrote?
 
 The breakin was detected due to the digital signature.
 
 
 Anyway, it's obviously up to the OpenBSD developers what they do.

Code signing has its use, but it does not come for free. It's quite
involved. As always, the key problem is key management, not the
signing itself.

As an illustration, read what I wrote when similar questions came up 5
years ago, and don't forget Dug Song's answer to my post.

http://marc.info/?l=openbsd-misc&m=103769360002468&w=2

-Otto



Re: Code signing in OpenBSD

2007-12-04 Thread Lars Hansson
On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote:
 I've searched OpenBSD.org and google for source code signing practices in
 OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
 curious about this... is the process described someplace?

No. OpenBSD doesn't sign code.

---
Lars Hansson