Subject: Re: When NetBSD 4.0?
To: None <netbsd-users@NetBSD.org>
From: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
List: netbsd-users
Date: 03/23/2007 08:08:18

Thus spoke Henry Nelson (netb@yuba.ne.jp)
> On Thu, Mar 22, 2007 at 08:48:53PM -0500, Jeremy C. Reed wrote:
> > On Fri, 23 Mar 2007, Henry Nelson wrote:
> > These are unofficial ISO images. Where would checksums for them be posted?
>
> I suppose on the unofficial site where the unofficial ISO images are found.
>
> (In truth I would prefer encrypted signing, but I don't know if that's even
> possible with ISO image files.

Of course it is possible. A cryptographic signature is just an
encrypted checksum. Files to be signed can be as large as your
hard drive is.

> Anyway, I thought it would be asking too
> much, because the person who makes those image files has to create public
> and private keys and maintain them.  Lots of extra work.)

I suggested the use of cryptographic signatures some years ago.
Maintaining e.g. GnuPG keys isn't that hard and is already done at
least by the security officer. If GnuPG is no option, because it is
not in the base, OpenSSL could be used too, though this would lack the
web of trust for the keys.

Signing the checksum files of the ISO images is not that hard and
ensures the integrity *and* authenticity of them.


--
PGP FPR: CF74 D5F2 4871 3E5C FFFE  0130 11F4 C41E B3FB AE33
http://www.net-tex.de
http://www.cryptomancer.de
--
Everyone is born a Faust, to grasp everything, to try everything, to express
everything. That Faust became a scholar was ensured by the errors of his
predecessors and his contemporaries.
Boris Pasternak, Doctor Zhivago

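The approach from the message above, signing the checksum file rather than each image, sketched with OpenSSL as an added example (not part of the original post and not NetBSD's release tooling). The file names, the RSA key and the dummy "ISO" are constructed, and the public key is assumed to reach users over a trusted channel, since OpenSSL offers no web of trust.

```shell
#!/bin/sh
# Constructed demo: the "ISO", key and file names are placeholders.

make_release() {   # $1 = directory to populate
    dir=$1
    # Release key pair; the private half stays with whoever builds the images.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/release.key" 2>/dev/null
    openssl pkey -in "$dir/release.key" -pubout -out "$dir/release.pub"
    printf 'constructed sample image\n' > "$dir/example.iso"
    # Checksum file in "digest *name" form, then a detached signature over it.
    (cd "$dir" && openssl dgst -sha256 -r example.iso > SHA256)
    openssl dgst -sha256 -sign "$dir/release.key" \
        -out "$dir/SHA256.sig" "$dir/SHA256"
}

verify_release() {   # $1 = directory; status 0 only if both checks pass
    dir=$1
    # Authenticity: the checksum file carries a valid signature from the key.
    openssl dgst -sha256 -verify "$dir/release.pub" \
        -signature "$dir/SHA256.sig" "$dir/SHA256" 2>/dev/null \
        | grep -q 'Verified OK' || return 1
    # Integrity: the image hashes to the digest listed in that file.
    want=$(cut -d' ' -f1 "$dir/SHA256")
    have=$(openssl dgst -sha256 -r "$dir/example.iso" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}

work=$(mktemp -d)
make_release "$work"
verify_release "$work" && echo "original release: verified"

# Image altered in place: the digest in the signed file no longer matches.
printf 'altered\n' >> "$work/example.iso"
verify_release "$work" || echo "altered image: rejected"

# Checksum file regenerated to match the altered image: a bare checksum would
# now pass, but the signature over the old file does not.
(cd "$work" && openssl dgst -sha256 -r example.iso > SHA256)
verify_release "$work" || echo "regenerated checksum file: rejected"
rm -rf "$work"
```

The order in `verify_release` matters: the digest in `SHA256` is only trusted after the signature over that file has been checked.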