[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fingerprint of the archive signing key

On Tue, Jun 29, 2004 at 06:34:07PM +0100, Colin Watson wrote:
> On Tue, Jun 29, 2004 at 06:28:49PM +0100, Andrew Suffield wrote:
> > On Tue, Jun 29, 2004 at 02:56:39PM +0200, Frank K?ster wrote:
> > > What's the difference between Martin trusting the certificates of that
> > > company and your trusting any DD's gpg signature? It seems the
> > > difference is that Martin knows people from the company personally,
> > > while you don't know most DDs.
> > 
> > No, the difference is that you only have to trust one DD,
> Actually, you have to trust all of them, because they all have effective
> root access to your system (unless you audit every upload, which is
> about as plausible as people checking every SSL certificate).

Different issue (and it's not quite as bad as it sounds).

> > while you have to trust the janitors from the company, who are
> > probably immigrants working for a pittance.
> Only if the company is foolish enough to allow anyone who wanders in the
> door to make a signature from their CA.

Honestly now, do you really think it will be that hard? Once you have
physical access to the user workstations, you can take those and work
up. It only takes one user being lazy or stupid. I've never heard of a
company where *every* user was sufficiently careful.

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature

Reply to: