On Fri, Dec 11, 2015 at 01:53:04PM +0100, Thijs van Dijk wrote:
On 11 December 2015 at 13:17, Tati Chevron <chev...@swabsit.com> wrote:

Would you really trust HTTPS more than a physical CD being mailed to
you???


Yes.

Both provide some level of accountability, however with PKI you explicitly
trust a limited (though big) number of third parties to do their job
properly, and in the case of a screwup, at least everyone involved is nice
enough to leave their name in the certificate chain. The same can't be said
for the hundreds of anonymous hands that handle my snail mail.

On the other hand, if somebody actually received a fake OpenBSD CD in
the mail, and it was discovered, it would be a huge news story within the
IT industry.  A bad download, much less so.

Some years ago, when the Linux kernel was managed with BitKeeper, somebody
tried to introduce malicious code into a CVS gateway.  It was quickly
discovered by Larry McVoy during normal integrity checks.  It was a news
story for a while then faded away.  Who remembers it now?  On the other hand,
physical interception, tampering and replacement of a disc set for a project
like OpenBSD would catch the interest of the IT industry, and conspiracy
theories would run wild.

It's usually relatively easy to hack into something.  It's much more difficult
to cover your tracks.

But even if PKI were actively on fire at the moment (which it is not),
what's wrong with doing both?

Basically the gain versus the effort and resources expended.

I agree that there is a value in distributing keys and source code in a way
that makes tampering difficult or highly visible.

I disagree that serving www.openbsd.org over https is a good way of doing
that.

--
Tati Chevron
Perl and FORTRAN specialist.
SWABSIT development and migration department.
http://www.swabsit.com
