oss-sec mailing list archives
Re: Travis CI MITM RCE
From: zugtprgfwprz () spornkuller de
Date: Fri, 31 Aug 2018 22:54:47 +0200
On 31.08.2018 17:52, Daniel Kahn Gillmor wrote:
> In nearly every case where we're talking about automated signature checking, the cost of shipping the public key instead of (or in addition to) the fingerprint is negligible. And shipping just the fingerprint introduces robustness and reliability problems for the signature verification.
Ah, fair enough. Thanks for clarifying this, you're making good points. The robustness issue is indeed something I completely disregarded.

Luckily, we've already arrived at a point where keys can be as short as hash values. Ed25519 keys are 32 bytes, i.e., the same length as a SHA256 hash. So there's that :-)

All the best,
Cheers,
Joe

--
"A PC without Windows is like a chocolate cake without mustard."
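The two pinning strategies discussed above, side by side, as an added example (not code from the thread or from any project mentioned in it). It uses only Go's standard library: the verifier either ships the raw 32-byte Ed25519 public key and verifies directly, or ships a 32-byte SHA-256 fingerprint of that key and must first retrieve the key from somewhere. The `lookup` closure is an assumed stand-in for that retrieval (keyserver, bundled keyring, whatever the real system uses); the release message, the "keyserver unreachable" failure and the wrong-key response are constructed for the demonstration. Both pins occupy the same 32 bytes, but only the fingerprint variant has a step that can fail independently of the signature itself.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// verifyWithPinnedKey is the "ship the public key" approach: the verifier
// carries the 32-byte Ed25519 public key itself, so checking a signature
// needs nothing beyond the pinned bytes, the message and the signature.
func verifyWithPinnedKey(pinnedKey, msg, sig []byte) error {
	if len(pinnedKey) != ed25519.PublicKeySize {
		return fmt.Errorf("pinned key is %d bytes, want %d", len(pinnedKey), ed25519.PublicKeySize)
	}
	if !ed25519.Verify(ed25519.PublicKey(pinnedKey), msg, sig) {
		return errors.New("signature does not verify under pinned key")
	}
	return nil
}

// verifyWithPinnedFingerprint is the "ship the fingerprint" approach: the
// verifier carries only sha256(pubkey) and must obtain the key through
// lookup (a hypothetical stand-in for a keyserver or keyring fetch). If that
// retrieval fails, verification cannot proceed even for a valid signature.
func verifyWithPinnedFingerprint(fp [sha256.Size]byte, lookup func() ([]byte, error), msg, sig []byte) error {
	key, err := lookup()
	if err != nil {
		return fmt.Errorf("key retrieval failed: %w", err)
	}
	if sha256.Sum256(key) != fp {
		return errors.New("retrieved key does not match pinned fingerprint")
	}
	return verifyWithPinnedKey(key, msg, sig)
}

// demoResult records the outcome of each scenario so the behaviour can be
// inspected (or asserted on) rather than only printed.
type demoResult struct {
	PinSizesEqual    bool  // raw key pin and fingerprint pin are both 32 bytes
	KeyPinOK         bool  // direct key pin accepts the genuine signature
	FpPinOK          bool  // fingerprint pin accepts it when lookup succeeds
	FpPinOfflineErr  error // fingerprint pin fails when the key cannot be fetched
	WrongKeyRejected bool  // fingerprint pin rejects a key that does not match
	TamperedRejected bool  // both pins reject a modified message
}

func runDemo() (demoResult, error) {
	var r demoResult
	// Constructed publisher key pair; in practice this is the release key.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	msg := []byte("release-1.2.3.tar.gz sha256=0123456789abcdef") // constructed manifest line
	sig := ed25519.Sign(priv, msg)
	fp := sha256.Sum256(pub)

	r.PinSizesEqual = len(pub) == len(fp)
	r.KeyPinOK = verifyWithPinnedKey(pub, msg, sig) == nil

	online := func() ([]byte, error) { return pub, nil }
	offline := func() ([]byte, error) { return nil, errors.New("keyserver unreachable") }
	r.FpPinOK = verifyWithPinnedFingerprint(fp, online, msg, sig) == nil
	r.FpPinOfflineErr = verifyWithPinnedFingerprint(fp, offline, msg, sig)

	// A lookup that returns some other key (substituted or rotated) must fail
	// the fingerprint check before any signature verification happens.
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	wrongKey := func() ([]byte, error) { return otherPub, nil }
	r.WrongKeyRejected = verifyWithPinnedFingerprint(fp, wrongKey, msg, sig) != nil

	tampered := append([]byte(nil), msg...)
	tampered[0] ^= 0x01
	r.TamperedRejected = verifyWithPinnedKey(pub, tampered, sig) != nil &&
		verifyWithPinnedFingerprint(fp, online, tampered, sig) != nil

	fmt.Printf("pinned key:         %s\n", hex.EncodeToString(pub))
	fmt.Printf("pinned fingerprint: %s\n", hex.EncodeToString(fp[:]))
	return r, nil
}

func main() {
	r, err := runDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The point the example makes concrete: with the key pinned, the only failure mode is "signature invalid"; with the fingerprint pinned, "could not fetch key" and "fetched key does not match" are extra failure modes that sit in front of the signature check, and they cost nothing in pin size to avoid.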
Current thread:
- Travis CI MITM RCE Jakub Wilk (Aug 25)
- Re: Travis CI MITM RCE Phil Pennock (Aug 26)
- Re: Travis CI MITM RCE Jeremy Stanley (Aug 26)
- Re: Travis CI MITM RCE Daniel Kahn Gillmor (Aug 28)
- Re: Travis CI MITM RCE zugtprgfwprz (Aug 30)
- Re: Travis CI MITM RCE vines (Aug 31)
- Re: Travis CI MITM RCE zugtprgfwprz (Sep 01)
- Re: Travis CI MITM RCE Daniel Kahn Gillmor (Aug 31)
- Re: Travis CI MITM RCE zugtprgfwprz (Sep 01)
- Re: Travis CI MITM RCE Phil Pennock (Aug 26)