Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: Karel Gardas
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Sun, 7 Dec 2003 21:09:03 +0100 (CET)
On Sun, 7 Dec 2003, Tom Lord wrote:
> There have been several (including some very recent) irc chats about
> adding cryptographic signatures to arch. My understanding is that
> there might be some people interested in implementing this. I can do
> this myself but I thought I'd post a plan for it here in case somebody
> wants to jump on it and have some fun with it.
Heck, I've thought a few hours about it, but w/o any free time now, it's
nearly useless :-(
Anyway some notes are below.
> 2) Add a "signed-archive" property to archives
>
> Have a look at libarch/archive.c(arch_make_archive) and
> arch_pfs_make_archive. Note how the parameter dot_listing_lossage
> is used.
>
> Add a similar parameter signed_archive, so that if you create
> an archive with --signed, the =meta-info in the archive will
> contain a file "signed-archive" containing the string "system
> cracking is lame".
>
Is this really needed? I would rather be for some kind of security levels
set in $HOME/.arch-params/=locations. This way different users can handle
the same archive differently, i.e. on get with sig broken either nothing,
or warning, or error might happen.
> 3) Modify arch_pfs_connect to collect a passphrase
>
> It's a bit icky to keep the passphrase in tla's memory but I think
> it's more reasonable in this case than the alternatives.
>
> In libarch/pfs.c(arch_pfs_connect), after connecting, look for
> the "signed-archive" file. If present, prompt the user for
> a passphrase and record it.
>
Please no! That's exactly how it shouldn't be done, since you will need to
increase the size of your TCB code, which is not good from a security
review point of view.
<snipped other points>
Well, I will probably finally write my own proposal, just to not only
criticize your own. :-)
Cheers,
Karel
--
Karel Gardas address@hidden
ObjectSecurity Ltd. http://www.objectsecurity.com