[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Contrasting BSIGN and TRIPWIRE

On Mon, 14 Dec 1998, Oscar Levi wrote:

> I don't agree with your assessment.  Embedded signatures can be useful
> to a system administrator if the administrator trusts the signatures.
> For example, she would install a Debian system and run a process to
> resign all of the executables with her own key.  During this, the keys

Then why do we need to have signatures? I said that us putting signatures
on the packages is not usefull, the admin signing with their own private
key is entirely different.
> The only advantage of a separate database is to prevent tampering.
> If the administrator is paranoid to have no faith in the encryption,
> then this is the only safe course.  However, the strength of
> contemporary encryption is such that some people may feel it is
> appropriate to use embedded ones.  I suspect you are not one of
> those.  %^)

Encryption in itself is not a magic solution to this problem, only when
used properly in a safe and secure manner does it have meaning.


Reply to: