Re: Some secure way of updating sources?

QIU Quan Tue, 18 May 2010 18:20:19 -0700

Sorry. Forgot to CC the list.

---------- Forwarded message ----------
From: QIU Quan <[email protected]>
Date: Wed, May 19, 2010 at 09:05
Subject: Re: Some secure way of updating sources?
To: "Eric S. Pulley" <[email protected]>

On Wed, May 19, 2010 at 05:07, Eric S. Pulley <[email protected]> wrote:
> So you are seriously suggesting the OpenBSD folks set up a public-key
> cryptography system (SSL) to confirm their current public-key cryptography
> system (SSH)?b& I guess then we would need a third system to confirm the
> first two, right? This must be troll food.
>

Not exactly. It must be better if there are some other ways, e.g.
distributing the public keys on the CDs/ISOs.

SSL has some authorities which other current PKI systems, e.g. SSH,
PGP, lacks. Usually, the trusted authorities are delivered along with
OS distributions. Although a vendor should take the responsibility to
validate the authorities, this eases the first step of trust
establishment after all.

At least, the ordering page <https://https.openbsd.org/cgi-bin/order>
works. That means OpenBSD has already a registered SSL service on the
go.

--
h#d=: (QIU Quan) <[email protected]>

Re: Some secure way of updating sources?

Reply via email to