Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 21 Jun 2003 20:36:25 -0700
From:      David Schultz <das@FreeBSD.org>
To:        Colin Percival <colin.percival@wadham.ox.ac.uk>
Cc:        chat@FreeBSD.org
Subject:   Re: Cryptographically enabled ports tree.
Message-ID:  <20030622033625.GA60460@HAL9000.homeunix.com>
In-Reply-To: <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca>
References:  <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca> <5.0.2.1.1.20030622022111.02c1cdf8@popserver.sfu.ca>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jun 22, 2003, Colin Percival wrote:
> At 18:18 21/06/2003 -0700, David Schultz wrote:
> >We already have MD5 checksums of each port, so all it takes is to
> >have so@ sign a MAC for the entire ports tree.
> 
>   Yes, I'm sure the security officers would be delighted to login and 
> enter a PGP passphrase every time someone commits something to the ports 
> tree. ;)
> 
> >  Now doing
> >something more sophistocated and seamless would be a little bit
> >more effort...
> 
>   What we need is something integrated into the CVS system which rebuilds 
> the necessary signatures every time the ports tree is modified, and commits 
> those into the CVS tree.  Any CVS experts around who could say how to do 
> this?

You don't even have to do that.  The tree just needs to be signed
once for every release.  Signing it more often requires that the
key be online, which is not a good idea from a security point of
view.  That's why DNSSEC and other protocols that have a
signature-based infrastructure allow for offline signing.  I don't
see why people need to update their ports tree more often than
once a release.

Granted, anyone who wanted to offer a (less secure) daily port
tree signing service or something, they could easily do so with
access to cvsup-master.  (It used to be you could talk to jdp@ for
this; I'm not sure who is responsible now.)  Actually, I'm not
sure whether cvsup's authentication is one-way or two-way, though.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030622033625.GA60460>