[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: public keys for cvs use on the mirrors?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: public keys for cvs use on the mirrors?
- From: Joel Rees <joel_(_at_)_alpsgiken_(_dot_)_gr_(_dot_)_jp>
- Date: Fri, 23 May 2003 14:15:59 +0900
And naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de (Christian Weisgerber) replied:
> Joel Rees <joel_(_at_)_alpsgiken_(_dot_)_gr_(_dot_)_jp> wrote:
> > Do the mirrors all have master lists of each others' public keys or
> > whatever for verification?
> No, they don't.
(Thought about the distribution problem last night and about the
likelihood of a MITM attack and so forth.
I guess, if I want to be that paranoid, I should schedule some time to
write a script to handle the distribution and guard-duty. The concept
seems straightforward at first glance: a list of servers that verify
against each other, a server/client pair, random-sort the list before
each pass through, and log/e-mail whenever a fingerprint changes. Also,
log/e-mail when a server in the list mucks a client query or misses a
timeout. That would be a good first approximation, at any rate.
If I understood ssh, it probably wouldn't take that long to write. So
I'll have to schedule studying ssh first. Cron, too, come to think of it.
Wonder what else I'm missing.)
Joel Rees <joel_(_at_)_alpsgiken_(_dot_)_gr_(_dot_)_jp>