Code signing in OpenBSD

> On Wed, Dec 05, 2007, STeve Andre' wrote:
> > On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:
>
> > > Someone actually did the former with sendmail.org (to distribute a
> > > version of sendmail with a backdoor).  The problem was only noted
> > > because users checked the (digital) signature.
>
> > You know, you're descending into a recursive loop of "if, if, if..." and
> > it never ends.  OF COURSE if someone breaks into the site they could
> > do things--once you've lost control of your site all bets are off.  I dare
>                                                    ^^^^^^^^^^^^^^^^
>
> Hmm, did you read what I wrote?
>
> The breakin was detected due to the digital signature.
>
>
> Anyway, it's obviously up to the OpenBSD developers what they do.

>On Dec 5, 2007 11:46 AM, new_guy <byte8bits@...> wrote:
>> Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
>> user community? Knowing that xyz binary is signed by OpenBSD for
>> distribution or abc email came from an official OpenBSD source is a good
>> thing. Trojaned binaries and forged emails happen. PKI can help mitigate
>> this. The benefit of PKI is widely known and accepted and does not need to
>> be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)
>> does not use it, that's all I'm saying. I also thought there would be a real
>> reason for not doing so and there may in fact be and I may just be unaware
>> of it.

> Hannah Schroeter wrote:
> > ...
> >> AFS is also encrypted, but unless its used to
> >> get all the tarballs and make them accessible locally (e.g. make a cd)
> >> it's not a help during the installation.
> >
> > I don't know enough about AFS to say anything about how to secure it
> > from the beginning on.
>
> I'm not very knowledgeable, but have been looking at the documenation
> lately:
> http://www.openafs.org/pages/doc/AdminGuide/auagd007.htm#HDRWQ75
>
> > ...
> >> Given the existence of Windows servers (aka compromised machines) on
> >> many networks, there are many chances for traffic to be intercepted,
> >> often even DNS.  So man-in-the-middle attacks appear to be theoretically
> >> easy during the first part of an OpenBSD network installation.
> >
> > Yes, alas. And especially, for government "legal" interception, where
> > they could legally enlist help from ISPs.
>
> So, intentional (corporate or government agreement with ISP) or
> unintentional (use of M$ on ISP DNS server), could allow the initial
> installation to become compromised, perhaps in a hard-to-detect way.
>
> None of this seems to be solved in the installation guide:
> http://openbsd.org/faq/faq4.html
>
> Again, it looks like it might come down to keys or fingerprints and that
> the network install might be depreciated.  Rather, download, verify,
> then install.
>
> -Lars
>
>

> Douglas A. Tutty wrote:
> > Using software from any source without interference from an
> > all-pervasive government is a very special,...
>
> It's not all about governments.  Corporate espionage is probably a
> larger, more active threat, especially to OpenBSD.
>
> "cui bono?"
>
> If we assume for the sake of argument that the printed CDs are ok, then
> there is at least one method for distributing keys and/or building a web
> of trust.
>
> -Lars

> bofh wrote:
> > At this point, it's probably a good idea to point out there's a paper
> > called Trusting Trust about your everyday C compiler...
>
> Yeah.  It recently disappeared from the ACM's web site after 11+ years
> of availability:
> http://www.acm.org/classics/oct95/
> There is, fortunately, the author's copy:
> http://cm.bell-labs.com/who/ken/trust.html
>
> There is an interesting follow up:
> http://www.dwheeler.com/trusting-trust/
> summary of the followup:
>  http://www.schneier.com/blog/archives/2006/01/countering_trus.html
>
> The bottom line, however, is that having and using the source is not
> optional.
>
> Thus, patches are provided in OpenBSD as source...
>
> But, starting from an initial set of some binaries is adequate for many
> uses, just as long as we can make reasonably sure that those binaries
> come from who they are supposed to / we expect them to.
>
> The install process ought to be fairly clear about the origin,
> authenticity and integrity of those initial binaries.  No need to build
> on more of a sand foundation than necessary.
>
> -Lars
>

> On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
>
> > One risk would be the plans of "online surveillance" of computers e.g.
> > in Germany. One way to install surveillance even on OpenBSD would be to
> > actively interfere with the internet connection with the surveilled
> > person, in the man-in-the-middle sense, and inject trojanned code
> > ("Bundestrojaner") into the updates of the victim.
>
> Using software from any source without interference from an
> all-pervasive government is a very special, but unfortunatly today, a
> very real issue for many people around the world.  To be secure, you
> have to get pieces of the puzzle over multiple paths.  It all can't come
> via the net since then you're open to man-in-the-middle.
>
> Key-revocation announcements could come over the net (via an announce
> list) but the new key would then have to come over a second channel.
>
> One second-channel option is the q6mth CD issue, which could include a
> new public key and e.g. known-hosts fingerprints.  This is vulnerable to
> a very determined man-in-the-middle who can replicate and then alter the
> CD before it arrives to you in the mail.
>
> Another option is a trusted courier flying to Alberta and get a CD from
> the OpenBSD store  (yeah, right).
>
> In fact, likely any other technological option (e.g. an answering
> machine in Alberta that spits out the alphanumerics of the current
> master public key) is still suceptible.
>
> If every piece of information you receive is filter through your
> government, is there any hand-shaking protocol that can allow you to
> establish a verified information connection (not necessarily encrypted)?
> I don't think so.
>
> Sure, Debian has signed .debs that use gpg as a back end (the system is
> called apt-key), it relies on you trusting the fist key that you get
> from them.  Since Debian doesn't actually mail out its own CDs,
> everything is off its mirrors.  apt-key only 'protects' you from a later
> man-in-the-middle.
>
> I think that this is the central 'problem' that people are dancing
> around.
>
> Personally, if this thread is to continue, I would like to see it move
> from a "Why doesn't OpenBSD do things this way?" to a "What are the
> threat models for OpenBSD identity theft and how can we protect
> ourselves?".
>
> Doug.
>
>