Cryptographically Strong Software Distribution HOWTO

Rich Salz rsalz at zolera.com
Tue Jul 3 20:51:32 EDT 2001


> So how does this work in practice?

Who controls commit access?  What mechanisms protect that?  The same
mechanisms that protect *the source* can be the same mechanisms that
protect *the release.*

I don't know anything about how the ASF works, but there is clearly some
working mechanism that lets you folks control access to your servers and
write access to your source tree.  From a security architecture
perspective, those same mechanisms should be able to control certificate
lifecycle.

The only point of signing software is so that someone can be sure it
hasn't been tampered with.  Why build a complex mechanism, when a CA and
its CRL -- protected just like, and just as well as, the master source
tree -- will do the same thing, but simpler?

> If Verisign can be spoofed into signing a Microsoft key, what hope for
> this model? None, IMO.

Nonsense.  If this note doesn't explain things well enough for you to
appreciate the difference, then I'll take the blame for poor expository
skills.

I've probably reached the limits of interest to the cryptography mailing
list, and I have no wish to further intrude on members at apache.org
(especially since I'm not one :), so I'll try to end my participation
here.
	/r$

-- 
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com

---------------------------------------------------------------------
The Cryptography Mailing List