[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD 3.2 official release files / CDs MD5 / SHAs / digital signatures online?

Quoting Dom De Vitto (dom_(_at_)_DeVitto_(_dot_)_com):
> Err, no thanks. I'd like my OS signatures in a system that I actually
> trust! (DNS Poisening anyone?)

Signed zones?  TSIG?  Using an authoritative host?  (cache poisoning
has only worked for non-authorititive zones).

My issue is that if/when someone roots the ftp server (openssh,
sendmail, tcpwrappers, etc), the sig file is on that same
machine and alterable.