oss-sec mailing list archives
Re: CVE for Kali Linux
From: Kristian Fiskerstrand <kristian.fiskerstrand () sumptuouscapital com>
Date: Sun, 22 Mar 2015 20:19:00 +0100
On 03/22/2015 06:55 PM, Kurt Seifried wrote:
...
> The problem is to do this you need some key/shared secret/verifiable secret, e.g. a GPG key. How do I get the GPG key securely?

The same way as for bootstrapping key validity using OpenPGP, in the absence of a direct verification path a probabilistic trust model can be used, mainly. The package being signed using the same key over time signifies that it is coming from an authoritative source (unless you've been MITMed a long time), the fingerprint of the OpenPGP key should be included in email announcements and other documents that are being mirrored by multiple sources, reducing the likelihood of a MITM if corresponding information is the same in multiple archives over a long time. It's always better to have a direct validation path to the key in question, but all is not in vain without it.

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aquila non capit muscas
The eagle does not hunt flies
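The cross-archive check described in the message above, as an added example that is not part of the original post: it compares the fingerprint of a locally fetched key against fingerprints quoted in independently mirrored announcements and reports whether they agree across enough sources over a long enough period. The function names, the thresholds, the fingerprints and the archive entries are all constructed assumptions.

```python
import re
from datetime import date

# 40 hex digits, optionally in groups of four as announcements usually print them.
FPR_RE = re.compile(r"\b(?:[0-9A-Fa-f]{4}[ \t]*){10}\b")

def fingerprints_in(text):
    """Return the normalized (no spaces, upper case) fingerprints quoted in text."""
    return {re.sub(r"\s", "", m.group()).upper() for m in FPR_RE.finditer(text)}

def assess(local_fpr, observations, min_sources=3, min_days=365):
    """observations: iterable of (archive, date_seen, text).
    Returns (verdict, detail) with verdict in consistent/insufficient/conflict."""
    local = re.sub(r"\s", "", local_fpr).upper()
    agree, conflict = {}, []
    for archive, seen, text in observations:
        found = fingerprints_in(text)
        if local in found:
            agree.setdefault(archive, []).append(seen)
        elif found:
            # A copy that quotes only some other fingerprint: this cannot be
            # resolved automatically (MITM, key rotation or a stale document).
            conflict.append((archive, seen, sorted(found)))
    if conflict:
        return "conflict", conflict
    dates = [d for ds in agree.values() for d in ds]
    span = (max(dates) - min(dates)).days if dates else 0
    detail = {"sources": sorted(agree), "span_days": span}
    ok = len(agree) >= min_sources and span >= min_days
    return ("consistent" if ok else "insufficient"), detail

# Constructed sample data: fingerprint of the key just downloaded, and
# announcement texts as retrieved from three unrelated archives.
LOCAL = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
OBSERVATIONS = [
    ("list-archive-a", date(2013, 5, 1),
     "Release 1.0. Signing key fingerprint: 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"),
    ("list-archive-b", date(2014, 2, 10),
     "fpr:0123456789abcdef0123456789abcdef01234567"),
    ("mirror-c", date(2015, 3, 1),
     "Key fingerprint = 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"),
]
# Constructed dissenting copy, as a tampered or stale mirror would serve it.
TAMPERED = ("mirror-d", date(2015, 3, 2),
            "Signing key fingerprint: FFFF 0000 FFFF 0000 FFFF 0000 FFFF 0000 FFFF 0000")

if __name__ == "__main__":
    print(assess(LOCAL, OBSERVATIONS))
    print(assess(LOCAL, OBSERVATIONS + [TAMPERED]))
```

A "consistent" verdict only raises confidence in the way the message describes; it does not replace a direct validation path to the key.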