security projects thoughts

Arno Hautala arno at alum.wpi.edu
Mon Apr 18 07:25:56 PDT 2011


On Mon, Apr 18, 2011 at 10:04, Jeff Johnson <n3npq at mac.com> wrote:
>
> On Apr 18, 2011, at 9:40 AM, Arno Hautala wrote:
>
>> I'm all for more GPG adoption, but it might be a good idea to be
>> consistent and stick with OpenSSL.
>
> These are opinions only, without any supplied reason to prefer OpenPGP
> over OpenSSL. Does DSA from OpenSSL taste better to you somehow than
> OpenPGP? Perhaps the random big numbers are "fresher" if wrapped in
> OpenSSL than OpenPGP?

The argument for OpenSSL was consistency. I never said anything about
OpenPGP being better than OpenSSL.

My personal enthusiasm for GPG is to see more widespread use of crypto.

>> A common key either means every developer gets a copy. But, do you
>> really want to issue a new key every time a developer leaves or
>> accidentally leaks the key?
>
> Key management is a whole different issue. Since no one in a position
> of "authority" in MacPorts has volunteered to issue anything, well,
> there just ain't no keys to manage, are there?

This whole thread is speculation and brainstorming. If keys are the
best way forward, there would be keys to manage. If not, there
wouldn't be.

> There is nothing wrong with robo-signing, it's called a "non-repudiable" signature,
> and one can devise a credible security framework based on robo-signing
> or any other "central authority".

From my perspective, a credible security framework using
non-repudiation relies on the key staying secure. For open source
software this means a key that isn't publicly distributed. These seem
to be opposing statements. I suppose the same issue occurs with a
proposed MacPorts cert authority, but at least it can be revoked if
something goes wrong. In a key based system, this would be the biggest
issue.

> What is the basis for "attractive" or not?

In the above? I suppose it's my opinion.

> I'm not at all sure why you think my comments qualify as "shot down".
>
> I am in fact just a lurker here, with an opinion no different than your own,
> no means to approve/reject anything, and have indeed provided "constructive criticism"
> albeit harshly (and rigorously).

Shot down in the sense that I suggested a method of exploit (which I
think was along the lines of what Bayard initially proposed) and you
countered with "if you're worried about it, don't use MacPorts".

Constructive criticism would have been to discuss how the scenario
wasn't an actual exploit risk. Or how better to mitigate it.

-- 
arno  s  hautala    /-|   arno at alum.wpi.edu

pgp b2c9d448
