Thread: Dave Page's PGP key
Either I'm doing something wrong or Dave Page's PGP key that is used to sign pgAdmin releases does not have any signatures on it. That would make the process of verifying the releases rather impossible. -- Peter Eisentraut http://developer.postgresql.org/~petere/
> -----Original Message----- > From: pgadmin-hackers-owner@postgresql.org > [mailto:pgadmin-hackers-owner@postgresql.org] On Behalf Of > Peter Eisentraut > Sent: 22 July 2006 02:07 > To: pgadmin-hackers@postgresql.org > Subject: [pgadmin-hackers] Dave Page's PGP key > > Either I'm doing something wrong or Dave Page's PGP key that > is used to > sign pgAdmin releases does not have any signatures on it. That would > make the process of verifying the releases rather impossible. In order to compromise those file signatures, an attacker would have to replace my public key on the pgAdmin SVN repo (from where it propagates out to the webservers), and somehow replace the copy on the keyservers (which you also checked right?), in addition to rewriting each signature on a compromised file. Compare that to the md5sum's that Greg(?) produces of the server which are produced some time after the build based on whatever source Greg uses to get the tarballs which may have already been compromised (I generate the sigs as I build the releases). There is also no way to verify the authenticity of the sums, except checking directly with Greg. So no, I don't believe it's impossible to verify the pgAdmin releases - we in fact have a mechanism that's far more secure than the more common practice of file checksumming albeit not quite as watertight as it could be. It would be good to get some signatures on my key, but up until very recently the only names I could have got are ones that you would never have heard of, and thus would not have proved anything. I must speak with Greg about that... Regards, Dave.
Dave Page wrote: > In order to compromise those file signatures, an attacker would have > to replace my public key on the pgAdmin SVN repo (from where it > propagates out to the webservers), If you believe that breaking into the web server is impossible, or impossible enough, you don't need PGP signatures, because the file that is being protected sits on the same or similar web server. > and somehow replace the copy on > the keyservers (which you also checked right?), Uploading a key to a key server is simple enough, and I have no knowledge that the key that is there now is yours to begin with. And even if you tell me it is, I don't know that you sent this email. You see, all an attacker would really have to do is install an HTTP proxy near the recipient's host that deals out altered files. The security of the infrastructure on your side is only part of the generally insecure communications link that PGP wants to protect against. Of course this is thoroughly paranoid, and I have no suspicion at all that pgAdmin downloads are being compromised, but recently I see too many people who attempt to "secure" their downloads by signing them with signature-less PGP keys, which gives exactly nil additional security. > Compare that to the md5sum's that Greg(?) produces That is not the standard you want to compare with. But Greg actually does have signatures on his key. -- Peter Eisentraut http://developer.postgresql.org/~petere/
________________________________ From: Peter Eisentraut [mailto:peter_e@gmx.net] Sent: Sat 7/22/2006 1:17 PM To: Dave Page Cc: pgadmin-hackers@postgresql.org Subject: Re: [pgadmin-hackers] Dave Page's PGP key > If you believe that breaking into the web server is impossible, or > impossible enough, you don't need PGP signatures, because the file that > is being protected sits on the same or similar web server. Of course I don't believe it's impossible. > Uploading a key to a key server is simple enough, and I have no > knowledge that the key that is there now is yours to begin with. And > even if you tell me it is, I don't know that you sent this email. Until 2 weeks ago you had zero knowledge of who I really was anyway :-) > You see, all an attacker would really have to do is install an HTTP > proxy near the recipient's host that deals out altered files. The > security of the infrastructure on your side is only part of the > generally insecure communications link that PGP wants to protect > against. > > Of course this is thoroughly paranoid, and I have no suspicion at all > that pgAdmin downloads are being compromised, but recently I see too > many people who attempt to "secure" their downloads by signing them > with signature-less PGP keys, which gives exactly nil additional > security. I'm not claiming it's totally secure. What I'm saying is that the effort involved in compromising the measures we have putin place is most likely far higher than would be worthwhile for any possible gain. Adding an unsigned signature to allthe files gives the slightly paranoid user the ability to at least check that the file was signed by the person that theybelieve to be me. The totally paranoid amongst us can meet me at the Bird & Baby in Oxford where I'll produce photo ID and a copy of pgAdminon CD in return for a pint and a burger :-) > > Compare that to the md5sum's that Greg(?) produces > > That is not the standard you want to compare with. But Greg actually > does have signatures on his key. Yes, Greg does have signatures, but my point remains - my unverified ket is far harder to fake or compromise than a listof md5sums generated from possibly-already-compromised tarballs. On the plus side, Greg does sign his emails containingthose sums which puts him way up on many other projects who simply include the checksums, unsigned on the sameftp server as the files. Regards, Dave.