Fedora User Certificates

Dennis Gilmore dennis at ausil.us
Fri Aug 22 18:02:41 EDT 2008


On Friday 22 August 2008 04:30:09 pm John Gilmore wrote:
> Isn't it interesting how we have all this public-key infrastructure
> to secure all these key projects -- but every few years we throw it all
> out the window and start over -- based on insecure email messages!
>
> > However if you don't replace the certs you will not have access to
> > cvs or the buildsystem.  they are using only the new certs and
> > checking the crl.
>
> This sounds even fishier to me.
>
> Let's suppose the servers were broken into and severely compromised. (*)
> What could the miscreants have done that would invalidate every
> end-user's existing client certificate?

Nothing.  It has been in the pipeline for a while to be replaced.  As it 
was, say you lost your cert, which (what we issued) was a key and a signed 
certificate.  We had no way to revoke that certificate.  We took the downtime to 
implement the changes as a precautionary measure and to enable things to be 
easier in the future.  In the past we had a user paste his cert and key 
publicly.  We ended up changing his username to ensure no one used the 
certificate/key to do something bad.  This was a big gap in the way things were 
set up initially.

https://www.redhat.com/archives/fedora-infrastructure-list/2008-March/msg00155.html 
lists the plans to replace it.  It had been brought up a few times before that 
also, but that's when we formally started working on getting it replaced.

> There was no break-in to the clients.  Why should the clients need to
> replace anything?  Has the server lost its ability to validate the
> signature on the client certs?
>
> There may be large amounts of hassle coming for every Fedora end-user
> who wants to be able to download only signed packages (if, out of what
> they describe as an abundance of caution, Fedora changes the signing
> key for the whole distro).  But why also make unnecessary(**) hassle
> for every Fedora developer?

Because of bad design decisions way back when, all user certs were issued with 
a serial of 00.  While the chances are slim to remote, rather than assume no 
one has certs with higher serial numbers, we made sure that certificates are 
accounted for.


Dennis
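As an added illustration of the serial-number problem discussed above (this is not code from the thread or from Fedora infrastructure), the following Python models how a CRL identifies a revoked certificate by issuer plus serial, so a CA that issued every user certificate with serial 00 cannot revoke one user without matching all of them; the CA names and user names are constructed sample values.

```python
"""Why unique certificate serial numbers matter for CRL-based revocation.

Added example (not Fedora's code): a CRL (RFC 5280) names a revoked cert by
issuer + serial, so a CA that gave every user serial 00 cannot revoke just one.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    serial: int


@dataclass
class CRL:
    issuer: str
    revoked_serials: set


def is_revoked(cert: Cert, crl: CRL) -> bool:
    """RFC 5280 style check: revoked if the issuer's CRL lists this serial."""
    return cert.issuer == crl.issuer and cert.serial in crl.revoked_serials


def collateral_revocations(certs, crl):
    """Subjects whose cert matches the CRL; with duplicate serials this is
    wider than the single user the CA actually meant to revoke."""
    return sorted(c.subject for c in certs if is_revoked(c, crl))


def duplicate_serials(certs):
    """Audit a cert store: map each (issuer, serial) issued more than once to
    the subjects sharing it. An empty result is what a sound CA produces."""
    by_serial = defaultdict(list)
    for c in certs:
        by_serial[(c.issuer, c.serial)].append(c.subject)
    return {k: v for k, v in by_serial.items() if len(v) > 1}


# Constructed sample data: the old CA gave everyone serial 0, the new CA is unique.
OLD_CERTS = [Cert("Old CA", u, 0) for u in ("alice", "bob", "carol")]
NEW_CERTS = [Cert("New CA", u, n) for n, u in enumerate(("alice", "bob", "carol"), 1)]


def demo():
    """Try to revoke only bob (whose key leaked) under each CA."""
    old_crl = CRL("Old CA", {0})  # bob's serial is 0, but so is everyone else's
    new_crl = CRL("New CA", {2})  # bob's serial is 2 and unique
    return collateral_revocations(OLD_CERTS, old_crl), collateral_revocations(NEW_CERTS, new_crl)
```

Running `demo()` returns `(['alice', 'bob', 'carol'], ['bob'])`: under the old CA the CRL entry for bob also blocks alice and carol, while `duplicate_serials(OLD_CERTS)` flags the shared serial 0 that makes this unavoidable.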
