security projects thoughts

Jeff Johnson n3npq at mac.com
Mon Apr 18 10:50:30 PDT 2011


On Apr 18, 2011, at 1:39 PM, Daniel J. Luke wrote:

> On Apr 18, 2011, at 1:00 PM, Jeff Johnson wrote:
>> 
>>> Where is the public key registered? Does the end-user installer do something like:
>> 
>> In the scheme I outline, the package itself "registers" the pubkey.
> 
> I was actually interested in how/where the package registers the pubkey (and also how the end-user verifies this registration).
> 
>> If you don't like "self signing", devise something different. There's
>> all sorts of ways to register pubkeys. If I'm forced to continue
>> with a registrar for RPM, then I will use a private SKS keyserver
>> submission and include a RFC 3161 trusted time stamp, most likely
>> from the service at startssl.
> 
> ... and I guess this is the answer?
> 

Yes. There plain and simply isn't infrastructure around (nor do I have time
to wrestle a registry infrastructure into existence with RPM) so the
analogy with "self signed host cert" will have to do.

> so if someone wants to maliciously inject a package, he/she would have to impersonate the private SKS keyserver in order to be successful, right? I haven't run a keyserver, and am not really familiar with the protocol implementation, so I can't speculate as to whether that would be something that is sufficiently hard to do (presumably, it is cryptographically hard - otherwise it doesn't appear to give any added protection).
> 

Non-repudiable treats all content as "arbitrary". One needs to know the origin reliably,
there's too many nuances to "malicious".

So yes indeed: a "malicious" package that traverses the build system will
receive a non-repudiable signature just like every other package.

If you can't protect your build system from "malicious" submissions,
then your build system is probably toasted and "0wned" already imho.

73 de Jeff