Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <550F8F4E.6040705@gmail.com>
Date: Sun, 22 Mar 2015 23:58:06 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE for Kali Linux

On 22/03/15 03:23 PM, Stephen Kitt wrote:
> On Sun, 22 Mar 2015 14:33:01 -0400, Daniel Micay <danielmicay@...il.com>
> wrote:
> [...]
>> At best, GPG offered *zero value* compared to checking a hash provided
>> via HTTPS, grabbing a torrent file via HTTPS or downloading directly via
>> HTTPS. However, I think it's pretty clear that few users would have gone
>> through with this and all it did was maintain the same security offered
>> by the HTTPS PKI.
> [...]
> 
> I don't have any objection to the rest of your argumentation, which seems
> sensible to me; at the very least it's clear that all this needs to be made
> much easier, and (proper) HTTPS use should be encouraged.
> 
> But I do believe that *at best*, GPG offers something that HTTPS doesn't:
> signature validation with peer-to-peer trust via the web of trust. This is
> "at best" because most users don't have a key in the strong set; but at least
> for Debian, the archive keys are in the strong set, so any one else with a
> key in the strong set has at least one trust path to the archive key.
> 
> Of course that doesn't really help with the MITM scenario, since end users
> would need to know that the archive key is supposed to be signed, and by
> whom...

An attacker only needs control over a few keys in the strong set to add
any number of keys they want, which can then sign other keys. There's
value in the GPG WoT but it's non-trivial to extract it. You could
specifically find Debian devs and obtain their fingerprints securely
from various other places. I think the numbers of users who are going to
do this can probably be counted on a single hand. If there were actually
instructions on this in the installation guide, it could be argued that
a secure option is there.


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.