[Nix-dev] [yui at cock.li: Re: Malicious installation methods]

Kevin Cox kevincox at kevincox.ca
Fri Jun 17 16:35:56 CEST 2016


On 17/06/16 10:33, Yui Hirasawa wrote:
>
>> Signing the installer script would provide only a minor increase in
>> security (in that it would require the signing key to be compromised,
>> rather than the nixos.org certificate). I don't object to doing that
>> though.
> 
> That is quite a major increase in security actually. Compromising a key
> that can be kept offline most of the time is a lot harder than obtaining
> a signed certificate for the nixos.org domain. You do not have to have
> the original nixos.org certificate to perform a man-in-the-middle attack.
>

I agree with this. A key that is trusted itself (rather than trusting a
domain name) would be a very large security increase.

