incubator-general mailing list archives

From Noah Slater <nsla...@tumbolia.org>
Subject Re: key signing
Date Thu, 11 Oct 2012 08:57:48 GMT
On Thu, Oct 11, 2012 at 9:01 AM, Nick Kew <niq@apache.org> wrote:

>
> You have to extend that assumption not only to our infrastructure but to
> every proxy that might come between us and a user, and that might
> substitute a trojan along with the trojan's own SHA1.
>

The same reasoning holds for the .asc file. A MITM attack might involve a
mirror replacing the release artefact, along with the .md5, .sha, and .asc
files. If the user is only verifying against those files, then everything
might look kushti. (Assuming they skip the step where they're supposed to
import the KEYS file, or assuming someone replaced that too.)

Which is why we link to the .md5, .sha, .asc, and KEYS files on our servers.
Unless you're assuming a MITM along the request/response path to apache.org,
in which case all bets are off anyway. No?

-- 
NS
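The download-and-verify procedure the two messages above are arguing about, written out as an added example (this is not code from the thread, and not Apache's own tooling). It assumes gpg, curl and sha512sum are installed; ORIGIN, MIRROR, the release path and the KEYS path are placeholders for a project's real values. The weak pattern pulls everything from the mirror, so a mirror or in-path proxy that swaps the tarball can swap the hash, the signature and KEYS with it; the hardened pattern pulls the bulk artefact from the mirror but the hash, the .asc and KEYS from the canonical host over HTTPS, which is the split Noah describes.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Assumptions: gpg, curl and
# sha512sum are installed; ORIGIN, MIRROR and the release/KEYS paths are
# placeholders for the project's own values.
set -euo pipefail

ORIGIN="${ORIGIN:-https://www.apache.org/dist}"          # assumed canonical host
MIRROR="${MIRROR:-https://example-mirror.invalid/dist}"  # placeholder mirror

# Weak pattern: artefact, .sha512, .asc AND KEYS all from the mirror.
# Whoever can substitute the tarball on that path can recompute the
# digest, re-sign with their own key and serve their own KEYS file.
fetch_all_from_mirror() {   # $1 release path, $2 file name
  local f
  for f in "$2" "$2.sha512" "$2.asc" KEYS; do
    curl -fsSLo "$f" "$MIRROR/$1/$f"
  done
}

# Hardened pattern: bulk artefact from the mirror, but the digest, the
# signature and the KEYS file from the canonical host over HTTPS, so a
# mirror or in-path proxy cannot swap all of them consistently.
fetch_split() {             # $1 release path, $2 file name, $3 KEYS path
  curl -fsSLo "$2"        "$MIRROR/$1/$2"
  curl -fsSLo "$2.sha512" "$ORIGIN/$1/$2.sha512"
  curl -fsSLo "$2.asc"    "$ORIGIN/$1/$2.asc"
  curl -fsSLo KEYS        "$ORIGIN/$3"
}

# Compare the artefact's SHA-512 with the digest in the .sha512 file.
# Handles both layouts seen on release servers: "HASH  name" (sha512sum)
# and "name: HASH in spaced groups" (gpg --print-md), by stripping all
# whitespace and taking the first 128-hex-character run.
check_hash() {              # $1 artefact, $2 .sha512 file
  local expected actual
  expected=$(tr -d '[:space:]' < "$2" | grep -oE '[0-9A-Fa-f]{128}' \
             | sed -n '1p' | tr 'A-F' 'a-f') || return 1
  actual=$(sha512sum "$1" | cut -d' ' -f1)
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Verify the detached OpenPGP signature against ONLY the keys in KEYS,
# using a throwaway keyring so the user's own keyring plays no part.
# Exit 0 means "some key in KEYS made this signature", nothing more.
check_sig() {               # $1 artefact, $2 .asc file, $3 KEYS file
  local home rc=0
  home=$(mktemp -d)
  chmod 700 "$home"
  gpg --homedir "$home" --batch --quiet --import "$3"
  gpg --homedir "$home" --batch --verify "$2" "$1" || rc=$?
  rm -rf "$home"
  return "$rc"
}

verify_release() {          # $1 release path, $2 file name, $3 KEYS path
  fetch_split "$1" "$2" "$3"
  check_hash "$2" "$2.sha512"
  check_sig  "$2" "$2.asc" KEYS
  echo "OK: $2 matches the digest from $ORIGIN and is signed by a key in KEYS"
}

# Usage: ./verify.sh incubator/foo/1.0 foo-1.0-src.tar.gz incubator/foo/KEYS
if [ "$#" -eq 3 ]; then verify_release "$@"; fi
```

Two caveats a practitioner should keep in mind. First, the digest check only tells you the mirror's tarball is the one the canonical host published; it is the signature, checked against a KEYS file fetched from the canonical host, that ties the file to a release manager's key. Second, gpg --verify returning 0 against a fresh keyring means only that a key listed in KEYS produced the signature; it does not by itself say who controls that key, which is the question the KEYS file and the thread's key-signing discussion are about. If the request/response path to the canonical host is itself under attacker control, as Noah says, none of this helps, which is why the trust material should travel over HTTPS to the canonical host rather than over a plain-HTTP mirror.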
