[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Official Debian digital 'branding' of debs


        Yes, there is a weak point in _any_ public key scheme, and
 that is the distribution and update of the ``trusted'' keys. By
 leaving the choice upto the user, as is proposed below, we have the
 following issues:
 a) Unlike the new maintiainer team, users have even less information
    about the developers, and it may be that no significant set of
    users shall ever have enough information to determine the trust
    level of individual developer's keys.
 b) We have not increased the security any, we have, though, increased
    the cost of the solution, cause _all_ keys now have to be
    ascertained in some manner.

        Having a single key does indeed create a single point of
 failure, but this is a known fact, and we can expend significant
 effort to maintain the integrity of the single key (never put on a
 networked computer, only used for signing the debian keyring, etc). 

        If we have a single key, and it is ever compromised, it shall
 be major news, and people whould be informed of the compromise a lot
 easier. We then just distribute the new key, which maybe signed by a
 number of developers (lotsa phone calls to get that done).

        The single key can be well publicised, printed in books on
 Debian, on the web site, in peoples signatures, in /usr/doc/*
 area. Having a single key shall give us a means of distribution (by
 wide poulicity of the fingerprint) that would make tampewring
 extremely hard.


>>"Chris" == Chris Lawrence <quango@watervalley.net> writes:

 Chris> I think when the issue has come up in the past, it's been a problem
 Chris> with there being a single point of failure in the system (the "one,
 Chris> true, Debian key").  Just because nobody's hacked RH's system to get
 Chris> the key doesn't mean it won't happen...

 Chris> OTOH, I can see a pgp/gnupg signature made, at the time of upload, by
 Chris> developers; then you can decide which developers you trust (hopefully
 Chris> all of us, but it's more fine-grained from your POV).  I believe this
 Chris> was recently discussed here (or maybe on policy)...

 A Chicago salesman was about to check into a St. Louis hotel when he
 noticed a very charming woman staring admiringly at him.  He walked
 over and spoke with her for a few minutes, then returned to the front
 desk, where they checked in as Mr. and Mrs. After a very pleasurable
 three-day stay, the man approached the front desk and told the clerk
 he was checking out.  In a few minutes, he was handed a bill for
 $2500. "There must be some mistake," the salesman said.  "I've been
 here for only three days." "Yes, sir," the clerk replied.  "But your
 wife has been here a month and a half."
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to: