
Re: [Sks-devel] Dump


From: Jeff Johnson
Subject: Re: [Sks-devel] Dump
Date: Fri, 15 Oct 2010 13:37:32 -0400

On Oct 15, 2010, at 1:22 PM, Jeff Johnson wrote:

> 
> On Oct 15, 2010, at 12:54 PM, Jesus Cea wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On 14/10/10 17:49, Jeff Johnson wrote:
> >>> Anyone interested in using mongo gridfs for SKS dump file distribution?
>> 
> >> How do you cope with malfunctioning/hostile/malicious MongoDB instances?
>> 
> 
> Signing the sks-dump files isn't rocket science. Nor is setting up mongodb 
> authentication.
> 

There's a far better answer designed into RFC 2400/4880 tags.

The pubkey materiel is fingerprinted, and there's signatures out the wazoo
in sks-dump files. So the risk of tampering (as in maliciously modifying)
is no different than any other usage case for OpenPGP.

There's still the possibility of malicious deletions, but the sks-dump
files are used with SKS keyservers which will "fix" any malicious deletions.

That still leaves malicious additions, but that's not any different than, say,
uploading Yet Another pubkey through a web interface that ends up in a 
sks-dump*.pgp file.

The only remaining risk is DoS rendering the download useless for its intent.
But that's no worse than FTP transport, is it?

hth

73 de Jeff
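
The fingerprint argument above, as an added example that is not part of the original message or of SKS: it walks the OpenPGP packets in a dump-style byte string and computes the version 4 fingerprint of each public-key packet as RFC 4880 defines it, so key material altered by the transport no longer matches a fingerprint the user already holds. The packet bytes and the names `iter_packets`, `v4_fingerprints`, `mpi`, `DUMP` and `TAMPERED` are constructed for illustration.

```python
import hashlib
import struct

def iter_packets(data):
    """Yield (tag, body) for each definite-length OpenPGP packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def v4_fingerprints(data):
    """Hex SHA-1 fingerprint of every version 4 public-key packet (tag 6) in data."""
    return [hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
            for tag, body in iter_packets(data) if tag == 6 and body[:1] == b"\x04"]

def mpi(value):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

# Constructed sample: v4 RSA public-key packet with toy numbers, not a real key.
BODY = b"\x04" + struct.pack(">I", 1287164252) + b"\x01" + mpi(0xC0FFEE1234567891) + mpi(65537)
DUMP = bytes([0x98, len(BODY)]) + BODY  # old-format header: tag 6, one length octet
# The same bytes after one bit of the modulus is flipped in transit.
TAMPERED = DUMP[:12] + bytes([DUMP[12] ^ 0x01]) + DUMP[13:]

if __name__ == "__main__":
    print("original:", v4_fingerprints(DUMP))
    print("tampered:", v4_fingerprints(TAMPERED))
```

The fingerprint covers only the public-key packet; user IDs and subkeys are bound to it by the signature packets, which an OpenPGP implementation verifies separately.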


