[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About GPG-signing the public RSA keys of Debian machines

On Tue, 2006-10-10 at 02:12 +0200, Joerg Jaspert wrote:
> On 10802 March 1977, Florent Rougon wrote:

...

> 
> >   2. I have to trust the integrity of db.debian.org.
> 
> Signing the keys you would have to trust whoever signed it. Same thing.
> 

I don't see that as being the same thing at all. Without some reliable
source to verify the new host key, one just has to _hope_ that no
man-in-the-middle attack is occurring (as suggested by the ssh
warning). 

Without a signature, he has to trust that his DNS and/or proxy is
trustworthy, that db.debian.org is not compromised, and thus the
published key is correct & no MITM attack is occurring.

With a signature, he just has to trust that signer f00's key has not
been compromised, thus the published host key info is trustworthy and a
MITM is not happening.

It seems clear to me that the amount of trust required is much less in
the second scenario. Am I overlooking some obvious mitigating factor in
the first scenario?

-davidc

--
Get your facts first, and then you can distort them as much as you
please. -Mark Twain
Reply to: