
[linux-elitists] Surveillance



----- Forwarded message from Teh Entar-Nick <[email protected]> -----

Date: Sun, 8 Sep 2013 18:01:34 +0000
From: Teh Entar-Nick <[email protected]>
To: [email protected]
Subject: Re: [linux-elitists] Surveillance
User-Agent: Mutt/1.5.21 (2010-09-15)

Eugen Leitl:
> I'm only aware of how Debian does things, and not in any detail.  What
> I would do is to separate the signing secrets across multiple key
> people, and do a recorded/witnessed ceremony following a CA-like
> model, signing on an air-gapped machine which is securely wiped
> afterwards and transferring packages via sneakernet (making sure
> there's nothing autoexecuted on plugin) to the machine where it is
> being published. Yes, this is a huge pain.

This is what Ubuntu does, and I was under the impression that they
learned it from their Debian experiences with the same process.

Also I'm not entirely sure what you meant by "a CA-like model" but if
you're only talking about identity verification, you're missing a few
things.  Most important is keeping the real secrets in a master key that
can authorise or revoke functional signing keys as needed.  There are
other steps that the security experts all worked out when they first
realised that crypto wasn't magic and needed human processes to keep it
relevant.  It's all In The Literature.

> So have a secure process in place, monitor the process by external
> parties so that we can be sure that it is actually being done the way
> it is said to be done. Trust, but verify.

I'm not sure how you audit something that's meant to happen in a sealed
bunker with a select few trusted shardholders.

-- 
"Man, if everything were object-oriented then rsync
could do this already. Of course, if everything were
object-oriented I'd have a bushy moustache and be
wearing flares, which would suck." -- Sean Neakums
_______________________________________________
Do not Cc: anyone else on mail sent to this list.  The list server is set for maximum one recipient.
linux-elitists mailing list
[email protected]
http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
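As an added example (not code from the thread, nor Debian's or Ubuntu's own tooling), the arrangement Nick describes above, scripted with GnuPG: a certify-only primary that stays on the offline side, a functional signing subkey handed to the publishing host, and a later revocation of that subkey by the primary. It assumes gpg >= 2.1 is installed; the user ID, paths and the "package" payload are constructed for the demo.

```shell
#!/bin/sh
# Added example (not code from the thread, Debian or Ubuntu): the structure Nick
# describes, built with GnuPG. A certify-only primary ("master key") stays on the
# offline side; a signing subkey is exported to the publishing host; later the
# primary revokes that subkey. Assumes gpg >= 2.1 is installed. The user ID,
# paths and the "package" are constructed for the demo.
set -eu

UID_STR="Release Signer (constructed example) <release@example.invalid>"

# gpg wrapper: batch mode, unprotected throwaway keys (a real ceremony protects them)
g() { gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }

# Runs the whole procedure under workdir $1, leaving the primary fingerprint in $1/primary.fpr.
key_hierarchy_demo() {
    work="$1"
    mkdir -m 700 "$work/offline" "$work/publish"

    # 1. Offline side: certify-only primary that never signs packages, only subkeys.
    export GNUPGHOME="$work/offline"
    g --quick-generate-key "$UID_STR" ed25519 cert never
    fpr="$(g --with-colons --list-keys "$UID_STR" | awk -F: '$1=="fpr"{print $10; exit}')"
    echo "$fpr" > "$work/primary.fpr"

    # 2. Functional signing subkey, authorised by the primary, with a 1-year lifetime.
    g --quick-add-key "$fpr" ed25519 sign 1y

    # 3. Only the subkey's secret leaves the bunker (the thread's sneakernet step).
    g --armor --export-secret-subkeys "$fpr" > "$work/subkey.asc"

    # 4. Publishing host: import the subkey (the primary's secret arrives only as a
    #    stub) and sign the artefact with it.
    export GNUPGHOME="$work/publish"
    g --import "$work/subkey.asc"
    echo "package payload (constructed)" > "$work/pkg.tar"
    g --detach-sign --armor --output "$work/pkg.tar.asc" "$work/pkg.tar"

    # 5. Back offline: the primary revokes the subkey (reason 2 = superseded, i.e.
    #    rotation) and exports the public key that now carries the revocation.
    export GNUPGHOME="$work/offline"
    printf 'key 1\nrevkey\ny\n2\n\ny\nsave\n' | g --command-fd 0 --edit-key "$fpr"
    g --armor --export "$fpr" > "$work/pub-revoked.asc"
}

# Checks a relying party would script; each returns 0 when its condition holds.
primary_secret_is_stub() { GNUPGHOME="$1" gpg --batch --list-secret-keys | grep -q '^sec#'; }
signature_verifies() { GNUPGHOME="$1" gpg --batch --verify "$2" "$3" 2>/dev/null; }
subkey_is_revoked() { GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$2" | grep -q '^sub:r:'; }
```

The publishing host never holds the primary's secret (its listing shows `sec#`), so compromising it costs one subkey, which the offline primary can revoke without a new master key ceremony.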