----- Forwarded message from Teh Entar-Nick <nick@teh.entar.net> -----

Date: Sun, 8 Sep 2013 18:01:34 +0000
From: Teh Entar-Nick <nick@teh.entar.net>
To: linux-elitists@zgp.org
Subject: Re: [linux-elitists] Surveillance
User-Agent: Mutt/1.5.21 (2010-09-15)

Eugen Leitl:
> I'm only aware of how Debian does things, and not in any detail. What I would do is to separate the signing secrets across multiple key people, and do a recorded/witnessed ceremony following a CA-like model, signing on an air-gapped machine which is securely wiped afterwards and transferring packages via sneakernet (making sure there's nothing autoexecuted on plugin) to the machine where it is being published. Yes, this is a huge pain.
This is what Ubuntu does, and I was under the impression that they learned it from their Debian experiences with the same process. Also I'm not entirely sure what you meant by "a CA-like model" but if you're only talking about identity verification, you're missing a few things. Most important is keeping the real secrets in a master key that can authorise or revoke functional signing keys as needed. There are other steps that the security experts all worked out when they first realised that crypto wasn't magic and needed human processes to keep it relevant. It's all In The Literature.
> So have a secure process in place, monitor the process by external parties so that we can be sure that it is actually being done the way it is said to be done. Trust, but verify.
I'm not sure how you audit something that's meant to happen in a sealed bunker with a select few trusted shardholders.

--
"Man, if everything were object-oriented then rsync could do this already. Of course, if everything were object-oriented I'd have a bushy moustache and be wearing flares, which would suck." -- Sean Neakums
_______________________________________________
Do not Cc: anyone else on mail sent to this list. The list server is set for maximum one recipient.
linux-elitists mailing list
linux-elitists@zgp.org
http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5