Re: APT public key updates?

On Mon, Jan 09, 2006 at 04:03:41PM +1300, Nick Phillips wrote:
> On Fri, Jan 06, 2006 at 04:04:56AM -0800, Steve Langasek wrote:

> > far :), I would encourage you to log into merkel and verify, directly and
> > securely, the key at /org/ftp.debian.org/web/ziyi_key_2006.asc; sign it; and
> > upload your signature to the public keyservers as well, if you are satisfied
> > that this is the key that is being used on ftp-master.debian.org to sign the
> > archive.

> > You should *only* do this if you're satisfied that the presence of this file
> > in the mirror on merkel is adequate evidence that it's the same key in use
> > on ftp-master.  So trusting that the ssh host key of merkel is authentic,
> > trusting that someone hasn't compromised both merkel and your network
> > (pushing matching, invalid keys to you via merkel and a MITM of
> > http://ftp-master.debian.org), and trusting that the propagation from
> > ftp-master to merkel is secure.

> Do we make a habit of asking ftpmasters to bring the archive keys
> along to keysignings? How many ftpmasters would we want to stand up
> and tell us that the key in question really is the one that is used
> to sign the archives before we should agree to sign it?...

From a web-of-trust standpoint, this means that, rather than giving others
the opportunity to decide for themselves whether they trust the ftpmaster in
question, you're making this decision on their behalf.  So the true paranoid
answer here is "all of them", as that's the only defense against one or more
of the ftpmasters trying to fake their own key in a way that the other
ftpmasters don't notice right away. :)  OTOH, if you're happy to ignore this
argument, then one ftpmaster standing up should be plenty; and shorter
transitive trust paths are definitely to the community's advantage here. 
(That's basically why I sign the archive keys myself instead of just letting
everyone trust the ftpmasters' signatures, after all -- there are people who
are a short hop away from my key in the web of trust that may have farther
to go to reach an ftpmaster, and vice versa.)

This does seem largely equivalent to logging into merkel and checking the
file there, anyway; you're trading "merkel is compromised and no one knows
it" for "an ftpmaster is compromised and no one knows it" as the weakness of
the check.  For bonus security, it'd be nice if any DD who checked the
fingerprint from an ftpmaster in person would also grab the key from merkel.
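
The cross-check suggested in the last paragraph (compare the fingerprint given by an ftpmaster in person with the key file fetched from merkel before signing), as an added Python example that is not part of the original message. The colon listing, key ID and fingerprint are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed, trimmed `gpg --with-colons --fingerprint` output for the key
# file copied from the mirror host. Key ID and fingerprint are made up.
MIRROR_LISTING = """\
pub:-:1024:17:89ABCDEF01234567:1136246400:::-:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1136246400::::Example Archive Key (constructed):
"""
# Constructed: the fingerprint as read out in person, in display grouping.
IN_PERSON = "0123 4567 89AB CDEF 0123  4567 89ab cdef 0123 4567"


def normalize(fpr):
    """Strip whitespace, upper-case, and require a 40-hex-digit fingerprint."""
    fpr = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("not a 40-hex-digit fingerprint: %r" % fpr)
    return fpr


def primary_fingerprint(listing):
    """Return the fingerprint of the one primary key in a colon listing."""
    found, want_fpr = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            want_fpr = True
        elif fields[0] == "fpr" and want_fpr and len(fields) > 9:
            found.append(normalize(fields[9]))  # field 10 holds the fingerprint
            want_fpr = False  # later fpr records belong to subkeys
    if len(found) != 1:
        raise ValueError("expected exactly one primary key, got %d" % len(found))
    return found[0]


def channels_agree(listing, *independent):
    """True only if every independently obtained fingerprint matches the file."""
    if not independent:
        raise ValueError("need at least one fingerprint from another channel")
    from_file = primary_fingerprint(listing)
    return all(normalize(f) == from_file for f in independent)


if __name__ == "__main__":
    print(primary_fingerprint(MIRROR_LISTING),
          channels_agree(MIRROR_LISTING, IN_PERSON))
```

A mismatch on any channel, or a file that holds more than one primary key, is a reason not to sign.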

