We've all expressed reasonable doubt. In the US you can be assured
that the USPS will open, scan, read, and deliver your mail. So it's
reasonable to believe that they may also tamper with your OpenBSD
CDs. Just buy the disks, let this thread die along with the stupidity
of PCI-DSS (which I've danced the dance with for a great long while).

On Fri, Sep 13, 2013 at 9:20 AM, Kenneth R Westerback
<kwesterb...@rogers.com> wrote:
> On Fri, Sep 13, 2013 at 11:13:36AM +0300, Valentin Zagura wrote:
>> Security itself is not the primary issue here. The issue is to easily prove
>> to an assessor "without reasonable doubt" that you are running the right thing.
>> They will not worry about governments trying to break in with MITM signed
>> ssl or about armies breaking in with the tanks. But they would worry about
>> me not building the image the right way, someone tampering with the image
>> or leaving the door unlocked at the server room.
>> Also, they require people to take responsibility for the things they do (in
>> this case, CD images).
>
> "easily prove" and "without reasonable doubt" clash. To say the least.
>
> The entire thread has shown that all proposed courses of action,
> most of which are "easy to use" rather than "easy to implement",
> do not remove any more "reasonable doubt" than the current arrangements.
> Unless one is a professor of metaphysico-theologo-cosmonigology
> like Dr. Pangloss. Which, I concede, many a "security assessor" may
> be.
>
> At least as far as "reasonable doubt" is understood by the OpenBSD
> community. And what other understanding can we apply?
>
> .... Ken
>
