Subject: release authentication
To: None <tech-security@netbsd.org>
From: Erik E. Fair <fair@clock.org>
List: tech-security
Date: 03/20/1999 12:33:27
We take security seriously. Not just anyone can do CVS commits, and we use
ssh for access to our important servers.

I think it's time to take the next step and PGP sign the CHECKSUM and MD5
files that come with the releases we make. Partly this is to mitigate the
attack that Ken Thompson described in his Turing Award lecture, "On
Trusting Trust."

The keys can either be the personal keys of the portmasters, or we can
generate new "role" keys for port-<foo>-maintainer@netbsd.org. We should
endeavor to cross-sign the keys we use so that we have a solid "web of
trust."

Given the current state of the PGP world, I suggest we use PGP2 RSA keys to
start, and reconsider DSS/PGP5 after the RSA patent expires.

I think we should do this for NetBSD 1.4.

	comments on this notion?

	Erik <fair@clock.org>
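The verification chain the proposal implies (authenticate the CHECKSUM/MD5 file, then check the release sets against it), as an added example that is not part of the original message or of the NetBSD project's tooling. The release files and the manifest are constructed inline, and an HMAC over the manifest stands in for the PGP detached signature so the script runs with the standard library alone; the signing key, file names and contents are all assumptions.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the files in a release directory (name -> contents).
RELEASE_FILES = {
    "base.tgz": b"constructed contents of the base set",
    "etc.tgz": b"constructed contents of the etc set",
}

# Stand-in for the role key a port maintainer would hold. A real release would use
# a PGP key and a detached signature; HMAC-SHA256 plays that part here so the
# example runs with the standard library only. Key value is constructed.
SIGNING_KEY = b"constructed-port-maintainer-role-key"

# One line of the BSD digest format used by CHECKSUM/MD5 files: "MD5 (name) = hex".
LINE_RE = re.compile(r"^(?P<alg>[A-Za-z0-9]+) \((?P<name>[^)]+)\) = (?P<digest>[0-9a-f]+)$")


def build_manifest(files, algorithms=("md5", "sha256")):
    """Produce CHECKSUM-style text, one line per (algorithm, file)."""
    lines = []
    for name in sorted(files):
        for alg in algorithms:
            digest = hashlib.new(alg, files[name]).hexdigest()
            lines.append(f"{alg.upper()} ({name}) = {digest}")
    return "\n".join(lines) + "\n"


def parse_manifest(text):
    """Yield (algorithm, name, digest) for each well-formed manifest line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("alg").lower(), m.group("name"), m.group("digest")


def verify_files(manifest_text, files):
    """Check every file named in the manifest against every digest listed for it.
    Returns name -> True only if the file is present and all its digests match."""
    results = {}
    for alg, name, expected in parse_manifest(manifest_text):
        ok = results.get(name, True)
        data = files.get(name)
        if data is None or alg not in hashlib.algorithms_available:
            ok = False
        else:
            actual = hashlib.new(alg, data).hexdigest()
            ok = ok and hmac.compare_digest(actual, expected)
        results[name] = ok
    return results


def sign_manifest(manifest_text):
    """Stand-in for signing the CHECKSUM file: a MAC over the manifest bytes."""
    return hmac.new(SIGNING_KEY, manifest_text.encode(), hashlib.sha256).hexdigest()


def verify_release(manifest_text, signature, files):
    """Authenticate the manifest first; only then are its digests worth checking."""
    if not hmac.compare_digest(sign_manifest(manifest_text), signature):
        return {"authentic": False, "files": {}}
    return {"authentic": True, "files": verify_files(manifest_text, files)}


if __name__ == "__main__":
    manifest = build_manifest(RELEASE_FILES)
    signature = sign_manifest(manifest)
    print(verify_release(manifest, signature, RELEASE_FILES))

    # A modified set with the original manifest: the digest check catches it.
    tampered = dict(RELEASE_FILES, **{"base.tgz": b"modified base set"})
    print(verify_release(manifest, signature, tampered))

    # A modified set plus a regenerated, unsigned manifest: every digest matches,
    # the signature does not. This is the case the signature exists to cover.
    forged = build_manifest(tampered)
    print(verify_files(forged, tampered))
    print(verify_release(forged, signature, tampered))
```

The third run is the point of the proposal: an unsigned checksum file only protects against accidental corruption, because whoever can replace a release set can regenerate the checksum file beside it. Checking the signature before trusting any digest is what turns the manifest into an authentication of the release rather than a self-consistency check.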