Re: [Gnu-arch-users] Re: signatures and checking
From: Andrew Suffield
Subject: Re: [Gnu-arch-users] Re: signatures and checking
Date: Tue, 27 Jan 2004 02:19:44 +0000
User-agent: Mutt/1.5.5.1+cvs20040105i

On Mon, Jan 26, 2004 at 05:50:42PM -0800, Tom Lord wrote:
>
> > From: Miles Bader <address@hidden>
>
> > Surely you can just treat the two cases separately:
>
> > Ask gpg (or whatever) to deliver the contents in case (2), by having a
> > `.arch-params/signing/*.contents' script, and just parse them directly in
> > case (1) (which is when you _don't_ have the script).
>
> > This would do the right thing, be simple to implement, not require any
> > awk scripts, and not require any new options to gpg....
>
>
> Interesting idea but no.
>
> That would create a partial exploit in which non .check'ing clients
> saw different checksum data from .check'ing clients.
>
> I don't immediately see any obvious way to turn that partial exploit
> into a complete one --- but it seems needlessly fragile, nevertheless.

Clients that are not checking signatures are only interested in
checksums for integrity checking against random bit errors; they have
no defences at all against hostile attackers. So exploits of this form
are not very interesting - there are much easier ways to exploit these
clients.

On the other hand, clients that are checking signatures *are*
interested in avoiding exploits from hostile attackers. The safest
thing to do there is to let gpg tell us what the signed data is; doing
something more complicated is more likely to introduce new bugs.

Incidentally, you don't need a different script, you can use stdout
from the existing check script.

--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
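
An added illustration of the divergence discussed in this message, not code from the thread or from GNU arch: a hypothetical non-checking client that parses the raw file directly is compared with the payload a checking client receives on the check script's stdout. The checksum line format, file name, digests and function names are assumptions constructed for the example.

```python
import re

# Constructed sample data. The "algo name digest" line format, the file name
# and the digests are assumptions for this example, not taken from GNU arch.
UNSIGNED_MD5, SIGNED_MD5, SIGNED_SHA1 = "0" * 32, "1" * 32, "2" * 40

RAW_FILE = f"""\
md5 widget-1.0.tar.gz {UNSIGNED_MD5}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

md5 widget-1.0.tar.gz {SIGNED_MD5}
sha1 widget-1.0.tar.gz {SIGNED_SHA1}
-----BEGIN PGP SIGNATURE-----

(placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

# Constructed stand-in for what the check script wrote to stdout after gpg
# verified RAW_FILE: the signed text and nothing else.
VERIFIED_STDOUT = f"""\
md5 widget-1.0.tar.gz {SIGNED_MD5}
sha1 widget-1.0.tar.gz {SIGNED_SHA1}
"""

CHECKSUM_LINE = re.compile(r"^(md5|sha1) (\S+) ([0-9a-f]+)$")

def direct_parse(text):
    """Hypothetical non-checking client: pick checksum lines out of the text
    wherever they appear; the first occurrence of an entry wins."""
    found = {}
    for line in text.splitlines():
        m = CHECKSUM_LINE.match(line.rstrip())
        if m:
            found.setdefault((m.group(1), m.group(2)), m.group(3))
    return found

def divergence(raw_file, verified_stdout):
    """Entries where parsing the raw file disagrees with the verified payload."""
    direct, signed = direct_parse(raw_file), direct_parse(verified_stdout)
    return {key: (direct.get(key), signed.get(key))
            for key in sorted(direct.keys() | signed.keys())
            if direct.get(key) != signed.get(key)}

if __name__ == "__main__":
    for key, (seen, signed) in divergence(RAW_FILE, VERIFIED_STDOUT).items():
        print(key, "direct parse:", seen, "signed payload:", signed)
```

An empty result means both kinds of client see the same checksum data; any entry returned is a case where the two parsing paths disagree.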