[freenet-support] Re: [freenet-dev] Getting rid of the last central point of failure
> Oh yes it's all so simple we sign the webinstaller in fact we don't even need to do that we just insert it under an SSK. /sarcasm. The problem is that we need to be able to revoke and/or update the signing key, otherwise a Bad Guy who got the key could destroy most of the network just by distributing compromised nodes.

You can, of course, revoke signatures with GPG without a problem and then sign the distributions with it (at least as a detached signature). The installer could offer to check that signature by calling GPG but this is highly insecure (as anyone who replaced the binary would forge the call). What you really want is for people to check the signature themselves (with GPG/PGP).

--
Michael T. Babcock
CTO, FibreSpeed Ltd.

___
support mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
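
What "check the signature themselves" can look like on the user's side, as an added example that is not part of the original thread or of Freenet's tooling: the decision is taken from GnuPG's `--status-fd` lines and a fingerprint obtained out of band, so a revoked signing key is rejected. The fingerprint, key name and the function names `check_status`, `verify_release`, `sample_good` and `sample_revoked` are assumptions made for illustration, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: judge a detached signature from GnuPG's machine-readable
# status lines (--status-fd) against a fingerprint obtained out of band.

# Constructed placeholder fingerprint, not a real project key.
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# check_status PINNED_FPR: reads gpg status lines on stdin. Succeeds only for
# a good signature from the pinned key with no revoked/expired/bad marker.
check_status() {
    pinned=$1 good=0 pinned_ok=0 bad=0
    while IFS= read -r line; do
        case $line in
            "[GNUPG:] GOODSIG "*) good=1 ;;
            "[GNUPG:] VALIDSIG "*)
                # Final VALIDSIG field is the primary key fingerprint (GnuPG 2.x).
                if [ "${line##* }" = "$pinned" ]; then pinned_ok=1; fi ;;
            "[GNUPG:] REVKEYSIG "*|"[GNUPG:] EXPKEYSIG "*|"[GNUPG:] EXPSIG "*) bad=1 ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*) bad=1 ;;
        esac
    done
    [ "$good" -eq 1 ] && [ "$pinned_ok" -eq 1 ] && [ "$bad" -eq 0 ]
}

# verify_release FILE SIGFILE PINNED_FPR: the user-run check itself.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$3"
}

# Constructed status output: good signature from the pinned key.
sample_good() {
    printf '%s\n' \
      "[GNUPG:] NEWSIG" \
      "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key (constructed)" \
      "[GNUPG:] VALIDSIG $PINNED_FPR 2002-11-18 1037631231 0 4 0 17 2 00 $PINNED_FPR"
}

# Constructed status output: same key after its revocation was imported.
sample_revoked() {
    printf '%s\n' \
      "[GNUPG:] NEWSIG" \
      "[GNUPG:] REVKEYSIG 89ABCDEF01234567 Example Release Key (constructed)" \
      "[GNUPG:] VALIDSIG $PINNED_FPR 2002-11-18 1037631231 0 4 0 17 2 00 $PINNED_FPR"
}
```

A revocation only shows up as `REVKEYSIG` once the revocation certificate has been imported into the local keyring, so the key has to be refreshed before the check is meaningful.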
Re: [freenet-support] Re: [freenet-dev] Getting rid of the last central point of failure
On Mon, 18 Nov 2002 06:53:51 -0800 Michael T. Babcock [EMAIL PROTECTED] wrote:

> > Oh yes it's all so simple we sign the webinstaller in fact we don't even need to do that we just insert it under an SSK. /sarcasm. The problem is that we need to be able to revoke and/or update the signing key, otherwise a Bad Guy who got the key could destroy most of the network just by distributing compromised nodes.
>
> You can, of course, revoke signatures with GPG without a problem and then sign the distributions with it (at least as a detached signature). The installer could offer to check that signature by calling GPG but this is highly insecure (as anyone who replaced the binary would forge the call). What you really want is for people to check the signature themselves (with GPG/PGP).

Yes, that's excellent from a corporate perspective, since the more areas you leave for the l'users your customers to fuck up the less liability you have. However, in an open, for the most part volunteer, project such liability and profit concerns do not arise, so for that reason the developers can afford to design systems to protect the l'user from their own incompetence and are necessary if one cares to attempt to offer security and anonymity rather than create opportunities to destroy it. I don't believe "our system works, you fucked up" is an appropriate goal in the circumstances.
Re: [freenet-support] Re: [freenet-dev] Getting rid of the last central point of failure
On Fri, Nov 15, 2002 at 06:45:45PM -0500, Alex Snow wrote:

> If you want to make sure the webinstaller hasn't been messed with, just sign it with something like gpg.

Oh yes it's all so simple we sign the webinstaller in fact we don't even need to do that we just insert it under an SSK. /sarcasm. The problem is that we need to be able to revoke and/or update the signing key, otherwise a Bad Guy who got the key could destroy most of the network just by distributing compromised nodes.

> Explorer has caused a general protection fault in module kernel32.dll. I'm sick of Winblows!
>
> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Friday, November 15, 2002 9:30 AM
> Subject: [freenet-support] Re: [freenet-dev] Getting rid of the last central point of failure
>
> > For a while now, we have been working on the distribution servlet, which is basically designed to allow people to give copies of Freenet, together with seednodes, to their friends
>
> erm - why? doesn't there exist some webinstallers? just bundle a webinstaller (or even a webinstaller-installer) with your seednodes and mail them away to the new user. hu will then receive this mail with some installing instructions/installer files and can build up hus (sounds stupid :p) node. the needed jar files can be d/led from /snapshots/, or, if you think this may be potentially tainted somehow, d/led by a minimal-fred provided by the installer from the freenet under a CHK or SSK-site, which will contain all releases of fred, inserted by the developers.
>
> either way you will have a weak spot: the program that installs fred. either it will report you to someone or download a modified fred and install that one on your system. or you can not guarantee that your /snapshot/ files are valid, if you point the new user to the url to let him download the files all by himself.
>
> one possible way is to mirror the released snapshots and version within freenet, so no one can touch them, but to be able to reach them, you already have to be able to access freenet, this speaks for a mini-fred, which will download the files for you. but the mini-installer can be tainted, too, leaving you with a loop of possible weak points. i personally have no clue how you can make *sure* a user gets untainted files if the user does not have already freenet access.
>
> maybe it would be wise to start a new site within freenet, which will mirror the developers' cvs tree and snapshots *done by a trusted person (=devl)*, so one can be sure, the /snapshots/ files are not the only location to get one of the newer builds (it is possible to modify streams from a webserver, so you can be sure, it is possible to modify the response to your get some file from snapshots in that way, that you will receive a modified fred which can harm your anonymity) so at least you can make *sure* the user will stay clean if you start inserting the snapshots within freenet and use a SSK'ed site to gather them, too
>
> ---~~---
>
> geeh - i think i have to read my mails more often so i've got to add something to General Discussion, nearly all of my topics have been addressed so far by others ;)

--
Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED]
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03
http://freenetproject.org/
Re: [freenet-support] Re: [freenet-dev] Getting rid of the last central point of failure
If you want to make sure the webinstaller hasn't been messed with, just sign it with something like gpg.

Explorer has caused a general protection fault in module kernel32.dll. I'm sick of Winblows!

----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 15, 2002 9:30 AM
Subject: [freenet-support] Re: [freenet-dev] Getting rid of the last central point of failure

> For a while now, we have been working on the distribution servlet, which is basically designed to allow people to give copies of Freenet, together with seednodes, to their friends

erm - why? doesn't there exist some webinstallers? just bundle a webinstaller (or even a webinstaller-installer) with your seednodes and mail them away to the new user. hu will then receive this mail with some installing instructions/installer files and can build up hus (sounds stupid :p) node. the needed jar files can be d/led from /snapshots/, or, if you think this may be potentially tainted somehow, d/led by a minimal-fred provided by the installer from the freenet under a CHK or SSK-site, which will contain all releases of fred, inserted by the developers.

either way you will have a weak spot: the program that installs fred. either it will report you to someone or download a modified fred and install that one on your system. or you can not guarantee that your /snapshot/ files are valid, if you point the new user to the url to let him download the files all by himself.

one possible way is to mirror the released snapshots and version within freenet, so no one can touch them, but to be able to reach them, you already have to be able to access freenet, this speaks for a mini-fred, which will download the files for you. but the mini-installer can be tainted, too, leaving you with a loop of possible weak points. i personally have no clue how you can make *sure* a user gets untainted files if the user does not have already freenet access.

maybe it would be wise to start a new site within freenet, which will mirror the developers' cvs tree and snapshots *done by a trusted person (=devl)*, so one can be sure, the /snapshots/ files are not the only location to get one of the newer builds (it is possible to modify streams from a webserver, so you can be sure, it is possible to modify the response to your get some file from snapshots in that way, that you will receive a modified fred which can harm your anonymity) so at least you can make *sure* the user will stay clean if you start inserting the snapshots within freenet and use a SSK'ed site to gather them, too

---~~---

geeh - i think i have to read my mails more often so i've got to add something to General Discussion, nearly all of my topics have been addressed so far by others ;)