[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian cd supporting ext4.

On Saturday 24 July 2010 17:21:28 Florian Kulzer wrote:
> Furthermore, he is asking the wrong question if he wants real security.
> If one downloads via an insecure protocol (http, ftp) then it does not
> matter if the URL points to debian.org, kmuto.jp or rootkits-r-us.com,
> because one is unprotected against a man-in-the-middle attack in any
> case.

That's not true.

Long ago, the "secure-apt" project took this issue into account.  The Packages 
file is GPG signed and this signature is verified during each (aptitude 
update), even during installation.  (Although, I have seen some install 
methods subvert this check...)

The Packages file contains multiple cryptographically-secure hashes of each 
binary package available from that archive/repository and (at least) one of 
these hashes is verified after download but before installation.

The Sources file is similarly signed and provides hashes for the source 
packages available from that archive/repository.

The official installation media are each singed and hashed in a 
cryptographically-secure manner, but you have to verify those manually.

> The question that should be asked is: "How can I verify the checksums of
> the kmuto images with cryptographic signatures that can be traced back
> to a trusted key from the debian keyring?" (Unfortunately I do not know
> the answer; I cannot find any signature whatsoever for the checksums.)

Good question.  I don't know how to verify the installation media.  Assuming 
it uses the standard apt and normal repositories, all the packages installed 
during installation will be verified, and the archive/repository must be 
signed by a GPG key in the installation media's apt keyring.
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: