| From: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk> |
|---|---|
| To: | "Peter Eisentraut" <peter_e(at)gmx(dot)net> |
| Cc: | <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Re: Dave Page's PGP key |
| Date: | 2006-07-22 13:20:36 |
| Message-ID: | E7F85A1B5FF8D44C8A1AF6885BC9A0E48508AA@ratbert.vale-housing.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
________________________________
From: Peter Eisentraut [mailto:peter_e(at)gmx(dot)net]
Sent: Sat 7/22/2006 1:17 PM
To: Dave Page
Cc: pgadmin-hackers(at)postgresql(dot)org
Subject: Re: [pgadmin-hackers] Dave Page's PGP key
> If you believe that breaking into the web server is impossible, or
> impossible enough, you don't need PGP signatures, because the file that
> is being protected sits on the same or similar web server.
Of course I don't believe it's impossible.
> Uploading a key to a key server is simple enough, and I have no
> knowledge that the key that is there now is yours to begin with. And
> even if you tell me it is, I don't know that you sent this email.
Until 2 weeks ago you had zero knowledge of who I really was anyway :-)
> You see, all an attacker would really have to do is install an HTTP
> proxy near the recipient's host that deals out altered files. The
> security of the infrastructure on your side is only part of the
> generally insecure communications link that PGP wants to protect
> against.
>
> Of course this is thoroughly paranoid, and I have no suspicion at all
> that pgAdmin downloads are being compromised, but recently I see too
> many people who attempt to "secure" their downloads by signing them
> with signature-less PGP keys, which gives exactly nil additional
> security.
I'm not claiming it's totally secure. What I'm saying is that the effort involved in compromising the measures we have put in place is most likely far higher than would be worthwhile for any possible gain. Adding an unsigned signature to all the files gives the slightly paranoid user the ability to at least check that the file was signed by the person that they believe to be me.
The totally paranoid amongst us can meet me at the Bird & Baby in Oxford where I'll produce photo ID and a copy of pgAdmin on CD in return for a pint and a burger :-)
> > Compare that to the md5sum's that Greg(?) produces
>
> That is not the standard you want to compare with. But Greg actually
> does have signatures on his key.
Yes, Greg does have signatures, but my point remains - my unverified ket is far harder to fake or compromise than a list of md5sums generated from possibly-already-compromised tarballs. On the plus side, Greg does sign his emails containing those sums which puts him way up on many other projects who simply include the checksums, unsigned on the same ftp server as the files.
Regards, Dave.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sébastien Lardière | 2006-07-24 12:09:56 | Re: New RPM Schema and release |
| Previous Message | Peter Eisentraut | 2006-07-22 12:17:13 | Re: Dave Page's PGP key |