Fedora User Certificates

John Gilmore gnu at toad.com
Fri Aug 22 17:30:09 EDT 2008


Isn't it interesting how we have all this public-key infrastructure 
to secure all these key projects -- but every few years we throw it all
out the window and start over -- based on insecure email messages!

> However if you don't replace the certs you will not have access to
> cvs or the buildsystem.  They are using only the new certs and
> checking the crl.

This sounds even fishier to me.

Let's suppose the servers were broken into and severely compromised. (*)
What could the miscreants have done that would invalidate every
end-user's existing client certificate?

There was no break-in to the clients.  Why should the clients need to
replace anything?  Has the server lost its ability to validate the
signature on the client certs?

There may be large amounts of hassle coming for every Fedora end-user
who wants to be able to download only signed packages (if, out of what
they describe as an abundance of caution, Fedora changes the signing
key for the whole distro).  But why also make unnecessary (**) hassle
for every Fedora developer?

        John

(*) The last posting on the subject,
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
says rather that it was a relatively minor intrusion -- but let's assume
an even worse one.

(**)  It's hard for the external community to know what's necessary and
what's unnecessary, since the core team is only letting small amounts of
info trickle out, in odd orders (like "change all your client certs"
before "here's why").
