Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Hubert Feyrer <firstname.lastname@example.org>
From: Curt Sampson <email@example.com>
Date: 07/25/2005 11:34:27
On Sun, 24 Jul 2005, Hubert Feyrer wrote:

> Please let's just sign the whole file.
> It's more failsafe, and not that difficult to implement, see my other

It's a PITA for users. Do we really want to stick users with the baggage
of having to deal with two files, and the attendant risk of mismatching
the two or losing one, if we gain no security benefit from it?

I see three potential reasons to go with two files instead of one:

1. We have a convincing proof that it defends against attacks that
   including the signature in the archive cannot defend against.

2. We've researched the subject, and cannot convincingly demonstrate
   that including the signature in the archive is as safe as having a

3. We've decided we just don't care, and are going to adopt a
   potentially inferior standard because we're too lazy to do the

One of these reasons is not a good way to set standards.
Curt Sampson <firstname.lastname@example.org> +81 90 7737 2974 http://www.NetBSD.org
Make up enjoying your city life...produced by BIC CAMERA
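The two designs argued over above, as an added example that is not part of the thread and not NetBSD's pkg tooling: a detached signature over the whole archive file (two files to ship, and a mismatched pairing fails verification) beside a signature carried inside the archive as an extra member, which must be computed over the other members only, since it cannot cover itself. The package names, file contents and member name `+SIGNATURE` are constructed for the demo, and an HMAC stands in for the public-key signature; only the verification shape (bytes in, pass/fail out) is what the comparison depends on.

```python
import hashlib
import hmac
import io
import tarfile

SIG_MEMBER = "+SIGNATURE"  # constructed name for the in-archive signature member

# Constructed demo key. hmac.new stands in for a public-key signature
# primitive here; a real packager would sign with a private key and
# verify with the matching public key, but the data flow is identical.
DEMO_KEY = b"demo-signing-key-not-for-real-use"


def _sign_bytes(data: bytes, key: bytes = DEMO_KEY) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _verify_bytes(data: bytes, sig: bytes, key: bytes = DEMO_KEY) -> bool:
    return hmac.compare_digest(_sign_bytes(data, key), sig)


def build_archive(members: dict) -> bytes:
    """Pack {name: bytes} into an in-memory tar (fixed mtime, sorted names)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in sorted(members):
            info = tarfile.TarInfo(name)
            info.size = len(members[name])
            info.mtime = 0
            tar.addfile(info, io.BytesIO(members[name]))
    return buf.getvalue()


def read_archive(blob: bytes) -> dict:
    """Unpack the regular-file members of a tar blob into {name: bytes}."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        for info in tar:
            if info.isfile():
                out[info.name] = tar.extractfile(info).read()
    return out


# Variant 1: detached signature. Two files travel together: the archive
# and a signature over the archive's exact bytes (tar framing included).
def sign_detached(archive: bytes) -> bytes:
    return _sign_bytes(archive)


def verify_detached(archive: bytes, sig: bytes) -> bool:
    return _verify_bytes(archive, sig)


# Variant 2: embedded signature. The signature is itself a member, so it
# is computed over a canonical encoding of every *other* member; the tar
# headers are not covered, only names and contents.
def _canonical(members: dict) -> bytes:
    h = hashlib.sha256()
    for name in sorted(members):
        if name == SIG_MEMBER:
            continue  # the signature cannot cover itself
        data = members[name]
        raw = name.encode()
        h.update(b"%d:%s:%d:" % (len(raw), raw, len(data)))  # length-prefixed
        h.update(data)
    return h.digest()


def build_signed_archive(members: dict) -> bytes:
    signed = dict(members)
    signed[SIG_MEMBER] = _sign_bytes(_canonical(members))
    return build_archive(signed)


def verify_embedded(archive: bytes) -> bool:
    members = read_archive(archive)
    sig = members.pop(SIG_MEMBER, None)
    if sig is None:
        return False  # unsigned archive: reject rather than trust
    return _verify_bytes(_canonical(members), sig)


if __name__ == "__main__":
    pkg = {"+CONTENTS": b"@name foo-1.0\n", "bin/foo": b"#!/bin/sh\necho foo\n"}
    blob = build_archive(pkg)
    print("detached ok:", verify_detached(blob, sign_detached(blob)))
    print("embedded ok:", verify_embedded(build_signed_archive(pkg)))
```

The detached variant binds the signature to the byte-exact file, so any repacking invalidates it and a `.sig` from a different package fails to pair; the embedded variant survives repacking but only protects what the canonical encoding includes, which is the trade-off the thread is weighing.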