security projects thoughts
Daniel J. Luke
dluke at geeklair.net
Mon Apr 18 10:54:11 PDT 2011
On Apr 18, 2011, at 1:50 PM, Jeff Johnson wrote:
>
>> so if someone wants to maliciously inject a package, he/she would have to impersonate the private SKS keyserver in order to be successful, right? I haven't run a keyserver, and am not really familiar with the protocol implementation, so I can't speculate as to whether that would be something that is sufficiently hard to do (presumably, it is cryptographically hard - otherwise it doesn't appear to give any added protection).
>
> Non-repudiable treats all content as "arbitrary". One needs to know the origin reliably,
> there are too many nuances to "malicious".
>
> So yes indeed: a "malicious" package that traverses the build system will
> receive a non-repudiable signature just like every other package.

I'm not asking here about a package traversing the build system, I'm asking about a 3rd party package that has a self-generated signature.

Presumably, an end-user would know it's not an 'official' build product because the public key wouldn't be in the registry (which I guess would be a keyserver).

My question was, how does the client know it's talking to a legitimate keyserver when it's validating the public key from the package?

--
Daniel J. Luke
+========================================================+
| *---------------- dluke at geeklair.net ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
| Opinions expressed are mine and do not necessarily |
| reflect the opinions of my employer. |
+========================================================+
More information about the macports-dev mailing list