[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnu-arch-users] Re: signatures and checking
From: |
Tom Lord |
Subject: |
[Gnu-arch-users] Re: signatures and checking |
Date: |
Mon, 26 Jan 2004 17:50:42 -0800 (PST) |
> From: Miles Bader <address@hidden>
> Surely you can just treat the two cases separately:
> Ask gpg (or whatever) to deliver the contents in case (2), by having a
> `.arch-params/signing/*.contents' script, and just parse them directly in
> case (1) (which is when you _don't_ have the script).
> This would do the right thing, be simple to implement, not require any
> awk scripts, and not require any new options to gpg....
Interesting idea but no.
That would create a partial exploit in which non .check'ing clients
saw different checksum data from .check'ing clients.
I don't immediately see any obvious way to turn that partial exploit
into a complete one --- but it seems needlessly fragile, nevertheless.
-t
- [Gnu-arch-users] signatures and checking, Tom Lord, 2004/01/26
- [Gnu-arch-users] Re: signatures and checking, Samuel Tardieu, 2004/01/26
- [Gnu-arch-users] Re: signatures and checking, Miles Bader, 2004/01/26
- [Gnu-arch-users] Re: signatures and checking,
Tom Lord <=
- [Gnu-arch-users] Re: signatures and checking, Tom Lord, 2004/01/26
- Re: [Gnu-arch-users] Re: signatures and checking, Andrew Suffield, 2004/01/26
- Re: [Gnu-arch-users] Re: signatures and checking, Tom Lord, 2004/01/26
- Re: [Gnu-arch-users] Re: signatures and checking, Robert Collins, 2004/01/27
- Re: [Gnu-arch-users] Re: signatures and checking, Tom Lord, 2004/01/27
- [Gnu-arch-users] Re: signatures and checking, Neil Stevens, 2004/01/26
Re: [Gnu-arch-users] signatures and checking, Andrew Suffield, 2004/01/26
Re: [Gnu-arch-users] signatures and checking, Robert Collins, 2004/01/27