Re: Reflections on Trusting Trust

On Wed, 2005-Nov-30 14:43:43 +0100, Alexander Leidinger wrote:
>Kurt Seifried <listuser@seifried.org> wrote:
>
>>should have people upload their keys. On another note I am available 
>>to sign PGP keys (proving your key/identity is an excercise left to 
>>the reader =),
>
>or to the signer... the keys are available in the handbook (either from
>www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc)

But how do I know that the data I download from *.freebsd.org hasn't
been tampered with?  Either by a MITM attack between me and the real
*.freebsd.org site or a DNS attack redirecting me to a third site.
This was the nub of my original posting.

> And AFAIK this is all PGP is supposed to verify, that the person
>behind "user@example.tld" is the same as the person with access to the
>secret key for this address.

PGP is susceptable to MITM attacks - Ann asks Bruce for his public
key.  Mallory intercepts the request and substitutes his own public
key.  He can then intercept, alter and re-sign following exchanges so
neither Ann nor Bruce realise they have an intruder.

>But this assumes the signer trusts the FreeBSD.org security:

If you don't trust the FreeBSD Project you wouldn't run FreeBSD.

> Without ssh access there's no way to insert a key into the CVS
>repository.

Assuming no security holes in the infrastructure...  How can I tell
that my private copy of the FreeBSD Project's CVS repository is the
same as the one on whatever.FreeBSD.org?

-- 
Peter Jeremy
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"