Subject: Re: problem with download-vulnerability-list
To: NetBSD User's Discussion List <netbsd-users@NetBSD.ORG>
From: David Maxwell <david@crlf.net>
List: netbsd-users
Date: 07/28/2003 17:02:12
Previously, I wrote:
a) Protection from infrastructure errors. (e.g., salo's commit)
b) Protection from rollback (version numbering)
c) Protection from unintentional data corruption (hashes)
d) Protection from editor error (e.g., typos) ('lint')
e) Integrity as delivered from TNP (signatures)
f) Integrity as proposed from a developer (signatures)
f') Integrity from malicious inserts/edits

On Mon, Jul 28, 2003 at 04:48:57PM -0400, Greg A. Woods wrote:
> > Subject: Re: problem with download-vulnerability-list
> > e requires infrastructure, hardware, and keys.
> > f requires infrastructure and keys.
> 
> No, not really, at least not additional infrastructure and hardware,
> etc. (though I suppose it depends on what you mean by keys).  We have
> precedent of using various checksums and MD5 signatures and such for
> other files and I think we'd all agree that at least one of these
> existing tools is sufficiently secure for verifying the integrity of
> files published on the web and ftp servers and mirrors.

That's a response to (c). It does nothing to confirm that you got the
file that TNP intended (e), or that the developer intended (f/f').

> If the files and their signatures are both separately and securely
> published to at least two completely separate mirror roots then users

That's not especially practical. Currently, mirrors are run on servers
which NetBSD developers don't have access to, and files are mirrored
automatically.

I really meant _signatures_ i.e. proving that this content came from an
entity with intent.

> > f' requires a clearing house (paid role)
> 
> Well that depends on what threat profile you're considering.  Even a
> clearing house won't easily be able to verify the actual integrity of a
> file

In the scope of the vulnerabilities file, this would just require
confirming the statements released by the 3rd parties about announced
vulnerabilities.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
(About an Amiga rendering landscapes) It's not thinking, it's being artistic!
					      - Jamie Woods
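The distinction drawn above between a checksum (c) and a signature (e/f), as an added example that is not part of the original thread: a mirror that can alter the file can also recompute and republish its checksum, so the digest check still passes, while a signature made with a key the mirror never had does not. Ed25519 from the Go standard library stands in for whatever signature scheme would actually be chosen; the key pair, file contents and the mirror edit are all constructed for the example, and the verifier is assumed to have obtained the public key from somewhere other than the mirror.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// VerifyDigest covers (c) only: it detects unintentional corruption, but anyone
// who can alter the file on a mirror can recompute and republish the digest.
func VerifyDigest(file, digest []byte) bool {
	sum := sha256.Sum256(file)
	return bytes.Equal(sum[:], digest)
}

// VerifySignature covers (e)/(f): only the private-key holder can produce sig,
// so a verifier holding the public key (obtained from somewhere other than the
// mirror) learns that exactly this content was released with intent.
func VerifySignature(pub ed25519.PublicKey, file, sig []byte) bool {
	return ed25519.Verify(pub, file, sig)
}

// MirrorScenario signs a constructed sample list, then simulates a mirror that
// replaces the content and republishes a matching checksum. It returns whether
// the altered copy passes the digest check and the signature check.
func MirrorScenario() (bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed key pair
	if err != nil {
		return false, false, err
	}
	original := []byte("vulnerability-list: constructed sample entry\n")
	sig := ed25519.Sign(priv, original)

	altered := []byte("vulnerability-list: entry quietly edited on a mirror\n")
	republished := sha256.Sum256(altered) // the mirror can always do this
	return VerifyDigest(altered, republished[:]), VerifySignature(pub, altered, sig), nil
}

func main() {
	d, s, err := MirrorScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("altered copy: digest ok=%v, signature ok=%v\n", d, s) // true, false
}
```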