Re: Revival of the signed debs discussion

To: Matthias Urlichs <smurf@smurf.noris.de>
Cc: debian-devel@lists.debian.org
Subject: Re: Revival of the signed debs discussion
From: Werner Koch <wk@gnupg.org>
Date: Wed, 03 Dec 2003 14:39:05 +0100
Message-id: <[🔎] 87d6b6nhqe.fsf@alberti.g10code.de>
In-reply-to: <[🔎] 20031203122602.GA2549@play.smurf.noris.de> (Matthias Urlichs's message of "Wed, 3 Dec 2003 13:26:02 +0100")
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org> <[🔎] 1070384670.5053.14.camel@worldmusic.grep.be> <[🔎] 20031202184220.GA23655@khazad-dum.debian.net> <[🔎] pan.2003.12.02.21.16.29.11062@smurf.noris.de> <[🔎] 20031203104109.GB30785@grep.be> <[🔎] 20031203110809.GA29957@play.smurf.noris.de> <[🔎] 87iskynm0b.fsf@alberti.g10code.de> <[🔎] 20031203122602.GA2549@play.smurf.noris.de>

On Wed, 3 Dec 2003 13:26:02 +0100, Matthias Urlichs said:

> I'm also a bit concerned about MitM attacks; the hash-or-whatever which

Obviously you can do this only using a secure channel.

> the local side is supposed to sign should probably be encrypted with the
> signer's public key, otherwise I can just replace the data packet with
> something that ends up signing a totally different file. :-/

And if I do that, I could also sign the file right at the remote
machine because the (or some) signature key must be available over
there ;-)

 Werner

Reply to:

Follow-Ups:
- Re: Revival of the signed debs discussion
  - From: Matthias Urlichs <smurf@smurf.noris.de>

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Wouter Verhelst <wouter@grep.be>
- Re: Revival of the signed debs discussion
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Revival of the signed debs discussion
  - From: Matthias Urlichs <smurf@smurf.noris.de>
- Re: Revival of the signed debs discussion
  - From: Wouter Verhelst <wouter@grep.be>
- Re: Revival of the signed debs discussion
  - From: Matthias Urlichs <smurf@smurf.noris.de>
- Re: Revival of the signed debs discussion
  - From: Werner Koch <wk@gnupg.org>
- Re: Revival of the signed debs discussion
  - From: Matthias Urlichs <smurf@smurf.noris.de>

Prev by Date: Re: [custom] Debian Enterprise - flavors
Next by Date: RE: Backport of the integer overflow in the brk system call
Previous by thread: Re: Revival of the signed debs discussion
Next by thread: Re: Revival of the signed debs discussion
Index(es):
- Date
- Thread