[Cryptech Core] git, again
Василий Долматов
dol at reedcat.net
Mon Jan 13 09:47:22 UTC 2014
13 янв. 2014 г., в 13:35, Randy Bush <randy at psg.com> написал(а):
>> Seems that you are talking about procedure, when every downloader
>> checks the signature under every commit, right?
>
> this is my feeble understanding
>
> the sha-1 gives a pretty strong guarantee of data integrity.
yes, and this operation can be performed upon all downloaded data on client side without any additional information.
> the
> signatures give you auditability so you can assign blame.
this operation cannot be performed that simply.
it needs _either_ valid list of public keys (which must be maintained and distributed in secure manner, otherwise it proves nothing), or CA cert and working OSCP (again in secure manner).
It that case you change security focus from repo distribution server to key distribution server, both being equally exposed to world, so measures to secure it from compromise are exactly the same, and probability of compromise is exactly the same.
if you authenticated the user, then you can assign blame already.
key for authentication and key for commit signing will be stored by the user with same procedures (100000 to 1 ;) ), so, commit signing does not fight with workstation compromise better than access control.
> if you
> verify them on input no need to verify on output as sha-1 covers.
>
you can verify on input by authenticating.
> randy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4815 bytes
Desc: not available
URL: <https://lists.cryptech.is/archives/core/attachments/20140113/26569fab/attachment.bin>
More information about the Core
mailing list