On Sat, 12 Aug 2000, Kurt Seifried wrote:
If an attacker trojaned your local GnuPG binary or tampered with your public keyring, he could get false signatures past you.
This is just as true for the md5sum or sha1 binary on your system! You don't really "lose" anything. If the attacker can replace these binaries that means he has root locally on your system. This also means he can replace
Kurt is (almost) right. Although my public keyring is owner user (not root), in theory my user account is just as secure as root. I was wrong.
I am much more worried about someone running a mirror site and that site getting compromised (like ftp.win.tue.nl), the attacker trojans the files and md5sums on the remote site, users download and everything appears ok. With GnuPG that would not be possible,
I agree with Kurt and Volker here. I always did. I am sorry I was not clear. gpg signed distribution would be a *huge step forward*.
the attacker would have to break into the SuSE machine used to sign packages. I assume this machine is NOT online, i.e. they have removable media such as a jaz drive to move the data, meaning <SNIP> "may be shared". <SNIP> Can we stick to facts instead of making them up?
I am sure key security at suse and redhat is good. But I know that Roman and Marc and Thomas all sign email announcements with the same security@suse.com private key. I suspect that Red Hat is the same. I expect my guess that they have their own copies was wrong. It is perfectly reasonable that they carry their email on sneakernet to an isolated signing machine, sign it, then copy the signed email back to their networked workstation. Even if their security is weaker than this 'best practice' gpg/pgp signing is still *a good thing*.
BTW IMHO the key doesn't need to be on the CD to be trusted. The SuSE key fingerprint is in chapter 18 of the manual. If you get a paper manual it is reasonably independent of the Internet.
I mean their pgp2 key fingerprint.
GnuPG key distribution is a *LOT* easier, you only have to do it once,
gpg key distribution is no easier or harder than pgp, is it? It is much easier than md5 fingerprints - which have some technical problems as well as needing the secure channel of suse's pgp-signed announcements.

dproc
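The fingerprint check discussed in this thread, as an added example that is not part of the original message: a package is accepted only when gpg reports a valid signature from the key whose fingerprint was copied from an independent channel such as a printed manual, so an extra key slipped into the keyring or a re-signed file on a mirror does not pass. It assumes a current GnuPG with `--status-fd` and 40-hex-digit fingerprints; the function names, fingerprints and status lines are constructed for illustration.

```shell
# Added example (not from the thread). All fingerprints below are constructed.

# Fingerprint as it might be typed in from a printed manual.
PINNED_FPR='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'

# Constructed `gpg --status-fd` output: signature by the pinned key ...
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Vendor <security@vendor.example>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2000-08-12 966038400 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# ... and a cryptographically valid signature by some other key in the keyring.
ROGUE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Constructed Vendor <security@vendor.example>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2000-08-12 966038400 0 4 0 1 2 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'

# Strip spaces, colons and newlines, and uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# status_signed_by STATUS PINNED
# Succeeds only if STATUS has a VALIDSIG line whose last field (the primary
# key fingerprint) equals PINNED. A matching user ID or key ID is not enough.
status_signed_by() {
    want=$(normalize_fpr "$2")
    [ -n "$want" ] || return 2      # refuse to run without a pinned value
    # Appending "" forces a string comparison, so all-digit fingerprints
    # are never compared as (lossy) numbers.
    printf '%s\n' "$1" | awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($NF "") == (want "") { ok = 1 }
        END { exit !ok }'
}

# verify_package FILE SIGFILE PINNED
# Runs gpg on a detached signature; gpg exits non-zero on a bad signature,
# and the fingerprint check then rejects good signatures from the wrong key.
verify_package() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    status_signed_by "$status" "$3"
}
```

The pinned fingerprint has to come from outside the download path; reading it from the same mirror as the package gives the same false assurance as the md5sum file.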