From: | Greg Copeland <greg(at)CopelandConsulting(dot)Net> |
---|---|
To: | greg(at)turnstep(dot)com |
Cc: | PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PGP signing releases |
Date: | 2003-02-11 14:08:38 |
Message-ID: | 1044972518.2518.119.camel@mouse.copelandconsulting.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Well said. I'm glad someone else is willing to take a stab at
addressing these issues, since I've been down with the flu. Thanks
Greg.
As both Gregs have pointed out, hashes and checksums alone should only
be used as an integrity check. It is not a viable security mechanism.
A hash does not provide for authentication and even more importantly,
verification of authentication. These concepts are key to creating a
secure environment.
Regards,
--
Greg Copeland <greg(at)copelandconsulting(dot)net>
Copeland Computer Consulting
On Mon, 2003-02-10 at 21:57, greg(at)turnstep(dot)com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> > So you put the MD5 sum into the release announcement email. That is
> > downloaded by many people and also archived in many distributed places
> > that we don't control, so it would be very hard to tamper with.
> > ISTM that this gives you the same result as a PGP signature but with
> > much less administrative overhead.
>
> Not the same results. For one thing, the mailing announcement may be
> archived on google, but asking people to search google for an MD5 sum
> as they download the tarball is hardly feasible. Second, it still does
> not prevent someone from breaking into the server and replacing the
> tarball with their own version, and their own MD5 checksum. Or maybe
> just one of the mirrors. Users are not going to know to compare that
> MD5 with versions on the web somewhere. Third, is does not allow a
> positive history to be built up due to signing many releases over time.
> With PGP, someone can be assured that the 9.1 tarball they just
> downloaded was signed by the same key that signed the 7.3 tarball
> they've been using for 2 years. Fourth, only with PGP can you trace
> your key to the one that signed the tarball, an additional level of
> security. MD5 provides an integrity check only. Any security it
> affords (such as storing the MD5 sum elsewhere) is trivial and
> should not be considered when using PGP is standard, easy to implement,
> and has none of MD5s weaknesses.
>
> - --
> Greg Sabino Mullane greg(at)turnstep(dot)com
> PGP Key: 0x14964AC8 200302102250
> -----BEGIN PGP SIGNATURE-----
> Comment: http://www.turnstep.com/pgp.html
>
> iD8DBQE+SA4AvJuQZxSWSsgRAhenAKDu0vlUBC5Eodyt2OxTG6el++BJZACguR2i
> GGLAzhtA7Tt9w4RUYXY4g2U=
> =3ryu
> -----END PGP SIGNATURE-----
>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
From | Date | Subject | |
---|---|---|---|
Next Message | SAKAIDA Masaaki | 2003-02-11 14:24:22 | Re: pgbash-7.3 released |
Previous Message | Hannu Krosing | 2003-02-11 11:15:33 | Re: 7.2 -> 7.3 incompatibility |