Kurt Zeilenga wrote:
>> Hashes have to be validated out-of-band each time a new release is
>> published. The trusted keys have to be validated out-of-band only
>> each time a new trust anchor key is generated.
>
> The point here is that an attacker can create the same level of trust for
> any new signing key they might use (or trust in that no signing was
> done) for the rogue release as the trust tends to be just publication of
> the signing key on the web site.
Creating signing keys happens less frequently and keys can also be
digitally signed by others. So it's not the same level of trust if done
right.
> And, as I noted, an attacker could just change stable from 2.m.y to
> 2.n.x, where 2.n.x was some crackable release.
This is another question anyway. It's not a matter of hash vs. digital
signature of the released tar.gz since "stable" is additional
meta-information on the web site. Publishing this meta-information in a
trusted way would certainly also be desirable. (And for related reasons I
still consider my request in ITS#4787 to be valid.)
> What about a purely self-signed signing key with fingerprint published
> on the website, and possible release announcements.
I'm fine with that.
> (The latter arguably would be better, as it's more widely published.)
> [This appears to be the approach you've taken with web2ldap.]
And I'm open to get my key cross-signed.
> But, as I've noted, this really doesn't offer significantly better
> security than widely published hashes.
Once you trusted this signing key you will notice if the key changes.
> However, if what you want is a signing key in which members of the
> public can personally verify is in the control of the project, that
> would be more difficult to provide.
Yes. Again, I'm fine with a pragmatic approach.
> Or, if what you want is a signing key which is in a wide web of trust,
> the difficulty depends on the scale of the web of trust desired (to the
> point of approaching the general public problem).
You could start with signing and try to spread the signing key and
additionally get it signed by others. BTW: I'm not limited to PGP in
this regard.
Ciao, Michael.