-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 22 Nov 2002 06:41:59 -0800 Matthew Toseland <[EMAIL PROTECTED]> wrote: >On Fri, Nov 22, 2002 at 08:42:29AM -0500, Michael T. Babcock wrote: >> > Date: Mon, 18 Nov 2002 08:51:05 -0800 >> > To: [EMAIL PROTECTED] >> > From: [EMAIL PROTECTED] >> >> > > You can, of course, revoke signatures with GPG without a problem >> > > and then sign the distributions with it (at least as a detached >> > > signature). >> > > >> > > The installer could offer to check that signature by calling >GPG >> > > but this is highly insecure (as anyone who replaced the binary >would >> > > forge the call). What you really want is for people to check >the >> > > signature themselves (with GPG/PGP). >> >> > Yes thats excellent from a corporate perspective since the more >areas >> > you leave for the l'users your customers to fuckup the less >liability >> > you have. >> > >> > However in an open for the most part volunteer project such >liability >> > and profit concerns do not arise so for that reason the developers >can >> > afford to design systems to protect the l'user from their own > >> > incompetence and are necessary if one cares to attempt to offer >security >> > and anonymity rather than create opportunities to destroy it. >> >> Your complete lack of grammar and ability to express yourself >coherently dear dear, I bullshit for a living but have arrived at a point i do what ever i find fun and entertaining, but specialze in teen-parent psych so i only spell check when im paid to. >> is somewhat distressing but I'll reply nonetheless. >> yes its also effective bait for the anal rententive >> My comment had nothing to do with liability and in fact I do security >> consulting for individuals and businesses; I am not a lawyer, >and do not >> care about liability issues in this type of arena. >> Its not the point, rats running corporate mazes or any maze soon foget the walls form their behavior, but from a usablilty perspective freenet right now hase enough ways in configurable options to really screw yourself up and perhaps the nodes around you. The most common really dumb thing I've seen and MS walks then right into it, is people putting everything they ever see or touch on their desktop. Condsider how bad the "computer literate" user really is offering a another realy great way to screw themselves isnt a good idea. The level freenet requires now is, "if you can rebuild a carburator without a manual you can run freenet", the ideal is more like "press play" than crash courses in encrption technology and techniques. Fine if its to remain a protocol for motivated unix geeks, chinese dissidents terrorists theives and pornographers with technical experinece thats laudible alone, but with the recent p/r it was found people couldnt determine their own ip. So the objection was the general direction, let the experts hammer out the hows and why. However if ure having problems with ure teens i'll be glad to take to take 60 to 100 grand off ya. My favorite trick to gain confidence is tell'em they're fine they're parents are fucked and here's the papers to involunatily commit them to the nearest "county" facility. Never failed yet to make them feel comfotable and empowered. >> The problem that arises with digitally signed binaries is that >the >> signature checking system _must not_ be distributed with the binaries >to >> be checked and the signatures or signator keys _must_ be available >out of >> band. >Signatures require a) somebody checks THE WHOLE SOURCE for trojans. >This >will take weeks and therefore will never happen. b) that we can >keep the >private key secure. This is unlikely. >> >> If the binaries are signed and come with a detached signature, > any user can >> double-click the signature file and receive a PGP/GPG message >asking if >> they wish to check the signature. The installer can easily come >with the >> instructions to check the signatures, as well as a short commentary >on why >> this important for the security of their file store and the project >as a >> whole. The binaries, however, must be assumed to be untrusted >and untrustable >> for the sake of such a discussion and as such, only the method >I described >> keeps the user from receiving a message such as 'signature checks >out' when >> in fact the image they received was either tainted or damaged. >> >> Feel free to reply with a full discussion / reasoning behind your >wanting to >> do things any differently for this (preferably technical) and >I'll listen. >> There is no reason _not_ to distribute detached signatures for >each of the >> installer and/or JAR images. Signed JAR files are also possible >and checkable >> with IE or Mozilla for that matter. Please do some research ... >Signed JAR files go through verisign. That is not good. >> >> -- >> Michael T. Babcock >> CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, > etc) >> http://www.fibrespeed.net/~mbabcock/ >> > >-- >Matthew Toseland >[EMAIL PROTECTED] >[EMAIL PROTECTED] >Freenet/Coldstore open source hacker. >Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 >http://freenetproject.org/ > -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wlcEARECABcFAj3eu9gQHGthYm9vbUBodXNoLmNvbQAKCRB5zuO1YwPwCYJfAJwLhoLG Ohxe1G9zO29hGqvClfEb7gCfV4YjduNJUHl/h93OTYV5EtFp8EE= =bt9q -----END PGP SIGNATURE----- Get your free encrypted email at https://www.hushmail.com _______________________________________________ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
