Re: [OT] GnuPG / PGP signed MD5 checksums

From: greg(at)turnstep(dot)com
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [OT] GnuPG / PGP signed MD5 checksums
Date: 2003-01-06 18:29:18
Message-ID: a8bc4fe00ee6f51b53377b3c7dc98972@biglumber.com
Lists: pgsql-general


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I just started using GPG about a month ago, and am still trying
> to figure out how to establish trust in cases where it's not
> practical to verify a person's identity in person. In this case,
> how do I know that the message is signed by the real Greg Mullane,
> and not by some cracker who made up his own GPG key with Greg's
> name attached to it and forged an email signed by this fake key?
> And who also replaced one or two of the source files with a
> trojaned version, and is publishing the md5's for the trojaned
> version via this email?

There are a few overlapping issues here, but the first thing you need
to do is understand the GnuPG model of trust. In this model, there
is no central authority (and thus no single point of failure).
Instead, people verify each other's keys, creating a "web of trust"
that you can use to trace a path from one key to another. My key
is fairly well integrated into the web of trust, so most people
should be able to find a path to it. You do not therefore need to
verify my identity "in person."

You can also check for a forged email by looking at the headers:
my mail will almost always come from biglumber.com, which also has
my key in the whois record. If you ever see an email from me,
regardless of where it originated, that is not signed with GnuPG,
it is probably a forgery.

The problem of a trojan file is one of the main reasons I am
providing signed checksums. It verifies that at a certain point in
time, the files had a certain checksum. As time goes on, these
checksums become more valuable due to the fact that a trojaned
version is more likely to be discovered the longer it exists.
Also, more time gives people a chance to verify my checksums
themselves: if I had made a mistake, hopefully it will be noticed.

Remember that all my message says is that at a certain point in time,
the files had a certain checksum. I cannot verify that there is
not bad code inside them, as I have not checked the source code of
each one. I am fairly confident that a trojaned version would have
been noticed by now, especially on the pre-7.3.1 versions.

My signed checksums do prevent an attack in which someone breaks
into the postgresql server and installs a trojaned version of the
source code. This person also creates and installs an MD5 for the
trojaned version and puts that on the web site as well. The mirrors
faithfully pick up the new versions, until nothing but a trojan
exists, with a correct MD5 file alongside it. This is why many
sites have a signed version of their software: an MD5 can be easily
created, while a PGP sig cannot. In the future, I would like to
see pgp-verification files instead of the MD5s on the download page.

> Having the fingerprint in the same email message doesn't help
> that much; perhaps if the signer's fingerprint were on another server,
> independent of the one holding the files to download? That would at
> least require an attacker to compromise two separate servers to fool
> people taking the time to verify.

The fingerprint is provided to help people find my key and to verify
that they have the correct key once they have downloaded it. As far as
"other servers", you can check the postgresql mailing list archives and
see that I have been signing emails with this key (including patches)
for a long time. You can also search for my key on Google and find many
sightings. Checking the key in multiple places is always a wise idea,
and Google's cache is an excellent verification.

Some links that explain some of the above concepts better than I have:

An Introduction to GNU Privacy Guard (a well-written article):
http://www.desktoplinux.com/articles/AT3341468184.html

The GnuPG FAQ (a good (but terse) overview):
http://www.gnupg.org/(en)/documentation/faqs.html

Site to coordinate key signings to expand the web of trust:
http://www.biglumber.com/index.html

Explanation of the web of trust:
http://www.rubin.ch/pgp/weboftrust.en.html

Greg Sabino Mullane greg(at)turnstep(dot)com
PGP Key: 0x14964AC8 200301061321

-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html

iD8DBQE+Gc0cvJuQZxSWSsgRAtFRAKCVeswGkXHvyGVc+6SkmEdU7u018ACgjpZZ
GZUrHFsgT0sETG0xpfIMLNE=
=3IiD
-----END PGP SIGNATURE-----
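
The check described in this message, as an added example that is not part of the original email or the PostgreSQL project: accept a clearsigned MD5 list only when its signature comes from a fingerprint pinned beforehand from independent sources, then compare the files against the signed text alone. The function names, the file name in the usage line and the fingerprint placeholder are assumptions; it expects GnuPG 2.x and an `md5sum` that supports `-c`.

```shell
#!/bin/sh
# Added example: check files against a clearsigned MD5 list, trusting only
# a fingerprint pinned in advance (constructed placeholder, not a real key).

# Read `gpg --status-fd` lines on stdin; print the signer's primary-key
# fingerprint only if there is exactly one valid signature and no failure.
signer_fpr() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" { n++; fpr = $NF }  # last field: primary-key fpr
        END { if (bad || n != 1) exit 1; print fpr }'
}

# signed_by PINNED_FPR < status : true only for a good signature by that key.
signed_by() {
    local got
    got=$(signer_fpr) || return 1
    [ "$got" = "$1" ]
}

# verify_release SUMS.asc PINNED_FPR : run in the directory with the files.
verify_release() {
    local tmp rc=1
    tmp=$(mktemp -d) || return 1
    # --decrypt writes only the text covered by the signature to --output,
    # so checksum lines added outside the signed block never reach md5sum.
    if gpg --batch --status-fd 1 --output "$tmp/sums" --decrypt "$1" \
            2>/dev/null | signed_by "$2"; then
        md5sum -c "$tmp/sums" && rc=0
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh verify.sh postgresql.md5.asc <40-hex-digit pinned fingerprint>
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```

A zero exit status covers only the files named in the signed list; a file that is not listed there has not been checked.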