Since this thread is both TOP and BOTTOM posted, I am going UPPER MIDDLE post.


>bofh wrote:
>> Code signing by blood.  ISAGN.
>>
>>
>> "Sorry marc - had to do it"
>>
>>   
>
>
>what if theo is a "person of interest", has his endpoint surveilled and 
>his key and passphrase are compromised? if somebody stole a pint of 
>blood, that could go a long way in your proposed plan...
>
>short of having a web of trust, meeting people in person to sign their 
>keys and assuming private keys and passphrases have not been 
>compromised, you're pretty much SOL here. best bet is to use anoncvs and 
>verify your cvs server's public key in person, but even that is a PITA. 
>if massive databases of key fingerprint collisions exist MITM is very 
>real even with a key fingerprint, multiple fingerprints make this much 
>harder.
>
>if anyone has a non-trivial quantum computer or remote viewing really 
>works, the gig is pretty much up anyhow.
>
>< jy-p cinches his tinfoil hat and returns to following the yellow brick 
>road... >


Like Keyser Soze, Theo has neither blood nor DNA.  Except for me at beer last 
night, no one has ever seen Theo.

So everyone's point is moot.


>
>
>> On 12/6/07, Jeff I. Ragland <[EMAIL PROTECTED]> wrote:
>>   
>>> On 06 Dej 2007, at 5:39 LL, bofh wrote:
>>>
>>>     
>>>> You forgot one option.  Invite Theo to give a talk, and ask him to
>>>> bring the CDs.  If you can't trust Theo's CDs, all hope is lost.
>>>>       
>>> And how would you know that it is indeed Theo and not someone that
>>> looks like him? I think that blood samples and DNA tests are the only
>>> way to go here.
>>>
>>>
>>>     
>>>> Just need to make sure there're some mountains around for Theo to go
>>>> climb.  If you live on a flatland, then, sorry, you're doomed.
>>>>
>>>>
>>>> On 12/6/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
>>>>       
>>>>> On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
>>>>>
>>>>>         
>>>>>> One risk would be the plans of "online surveillance" of computers
>>>>>> e.g. in Germany. One way to install surveillance even on OpenBSD would
>>>>>> be to actively interfere with the internet connection with the
>>>>>> surveilled person, in the man-in-the-middle sense, and inject trojanned
>>>>>> code ("Bundestrojaner") into the updates of the victim.
>>>>>>           
>>>>> Using software from any source without interference from an
>>>>> all-pervasive government is a very special, but unfortunately today, a
>>>>> very real issue for many people around the world.  To be secure, you
>>>>> have to get pieces of the puzzle over multiple paths.  It all can't
>>>>> come via the net since then you're open to man-in-the-middle.
>>>>>
>>>>> Key-revocation announcements could come over the net (via an announce
>>>>> list) but the new key would then have to come over a second channel.
>>>>>
>>>>> One second-channel option is the q6mth CD issue, which could include a
>>>>> new public key and e.g. known-hosts fingerprints.  This is vulnerable
>>>>> to a very determined man-in-the-middle who can replicate and then
>>>>> alter the CD before it arrives to you in the mail.
>>>>>
>>>>> Another option is a trusted courier flying to Alberta and getting a CD
>>>>> from the OpenBSD store  (yeah, right).
>>>>>
>>>>> In fact, likely any other technological option (e.g. an answering
>>>>> machine in Alberta that spits out the alphanumerics of the current
>>>>> master public key) is still susceptible.
>>>>>
>>>>> If every piece of information you receive is filtered through your
>>>>> government, is there any hand-shaking protocol that can allow you to
>>>>> establish a verified information connection (not necessarily
>>>>> encrypted)?  I don't think so.
>>>>>
>>>>> Sure, Debian has signed .debs that use gpg as a back end (the system
>>>>> is called apt-key), it relies on you trusting the first key that you
>>>>> get from them.  Since Debian doesn't actually mail out its own CDs,
>>>>> everything is off its mirrors.  apt-key only 'protects' you from a
>>>>> later man-in-the-middle.
>>>>>
>>>>> I think that this is the central 'problem' that people are dancing
>>>>> around.
>>>>>
>>>>> Personally, if this thread is to continue, I would like to see it
>>>>> move from a "Why doesn't OpenBSD do things this way?" to a "What are
>>>>> the threat models for OpenBSD identity theft and how can we protect
>>>>> ourselves?".
>>>>>
>>>>> Doug.
>>>>>
>>>>>
>>>>>         
>>>> --
>>>> http://www.glumbert.com/media/shift
>>>> http://www.youtube.com/watch?v=tGvHNNOLnCk
>>>> "This officer's men seem to follow him merely out of idle curiosity."
>>>> -- Sandhurst officer cadet evaluation.
>>>> "Securing an environment of Windows platforms from abuse - external or
>>>> internal - is akin to trying to install sprinklers in a fireworks
>>>> factory where smoking on the job is permitted."  -- Gene Spafford
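
An added example, not part of any message in this thread: a sketch of the "multiple paths" and "multiple fingerprints" points quoted above, checking one key against fingerprints received over separate channels under two digest algorithms. The channel labels, function names and key bytes are constructed for illustration.

```python
import hashlib

NET, OUT_OF_BAND = "net", "out-of-band"  # hypothetical channel labels

def fingerprints(key_bytes, algos=("sha256", "sha512")):
    # Several digests of one key: a forged key must collide under all of them.
    return {a: hashlib.new(a, key_bytes).hexdigest() for a in algos}

def cross_check(key_bytes, claims):
    """claims: list of (channel_name, kind, {algo: hexdigest}).
    Returns (verdict, reasons); verdict is accept, unverified or reject."""
    actual = fingerprints(key_bytes)
    reasons, kinds_ok = [], set()
    for name, kind, digests in claims:
        bad = [a for a, d in digests.items() if actual.get(a) != d.lower()]
        if bad or not digests:
            reasons.append(f"{name}: mismatch on {', '.join(bad) or 'no digests'}")
        else:
            kinds_ok.add(kind)
    if reasons:
        return "reject", reasons
    if OUT_OF_BAND not in kinds_ok:
        # Key and fingerprint crossed the same wire, so one on-path
        # attacker could have rewritten both consistently.
        return "unverified", ["no matching fingerprint from a second channel"]
    return "accept", []

# Constructed sample data, not real keys.
GOOD_KEY = b"constructed sample public key"
EVIL_KEY = b"constructed substitute key injected in transit"

def demo():
    good, evil = fingerprints(GOOD_KEY), fingerprints(EVIL_KEY)
    web = ("web page", NET, good)
    web_mitm = ("web page", NET, evil)  # attacker rewrote page and key alike
    cd = ("release CD", OUT_OF_BAND, good)
    return {
        "clean, net only": cross_check(GOOD_KEY, [web])[0],
        "mitm, net only": cross_check(EVIL_KEY, [web_mitm])[0],
        "mitm, with CD": cross_check(EVIL_KEY, [web_mitm, cd])[0],
        "clean, with CD": cross_check(GOOD_KEY, [web, cd])[0],
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The two net-only cases return the same verdict, which is the thread's point: without a second channel the clean download and the rewritten one look alike.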
