Re: Transparency into private keys of Debian

To: debian-devel@lists.debian.org
Subject: Re: Transparency into private keys of Debian
From: Bill Allombert <ballombe@debian.org>
Date: Fri, 2 Feb 2024 18:37:25 +0000
Message-id: <[🔎] Zb02Zb8xFzKWSsZe@master.debian.org>
Mail-followup-to: Bill Allombert <ballombe@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 874jeso77o.fsf@kaka.sjd.se>
References: <[🔎] 874jeso77o.fsf@kaka.sjd.se>

Le Thu, Feb 01, 2024 at 10:38:03AM +0100, Simon Josefsson a écrit :
> Hi
> 
> I'm exploring how to defend against an attacker who can create valid
> signatures for cryptographic private keys (e.g., PGP) that users need to
> trust when using an operating system such as Debian.  A signature like
> that can be used in a targetted attacks against one victim.
> 
> For example, apt does not have any protection against this threat
> scenario, 

Is not apt-key a protection ?

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

Reply to:

Follow-Ups:
- Re: Transparency into private keys of Debian
  - From: Simon Josefsson <simon@josefsson.org>

References:
- Transparency into private keys of Debian
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Re: 64-bit time_t transition in progress
Next by Date: Re: 64-bit time_t transition in progress
Previous by thread: Re: Transparency into private keys of Debian
Next by thread: Re: Transparency into private keys of Debian
Index(es):
- Date
- Thread