[Nix-dev] [yui at cock.li: Re: Malicious installation methods]

Adrien Devresse Adev at adev.name
Fri Jun 17 16:52:30 CEST 2016


> I agree with this. A key that is trusted itself (rather than trusting a
> domain name) would be a very large security increase.

I agree too.

And this is more or less the way taken by RPM / DPKG that ship their
trusted key on the client side when you install a new repository instead
of relying on any CA or PGP keyserver.


Adev



On 17/06/2016 16:35, Kevin Cox wrote:
> On 17/06/16 10:33, Yui Hirasawa wrote:
>>> Signing the installer script would provide only a minor increase in
>>> security (in that it would require the signing key to be compromised,
>>> rather than the nixos.org certificate). I don't object to doing that
>>> though.
>> That is quite a major increase in security actually. Compromising a key
>> that can be kept offline most of the time is a lot harder than obtaining
>> a signed certificate for the nixos.org domain. You do not have to have
>> the original nixos.org certificate to perform man-in-the-middle attack.
>>
> I agree with this. A key that is trusted itself (rather than trusting a
> domain name) would be a very large security increase.
