
Re: Crypto software that *is* exportable from the USA
Bear Giles <bear@coyotesong.com> wrote:
> The problem isn't in *producing* a package, it's in *acquiring* that
> package later.  What happens if someone successfully attacks a site
> immediately before you mirror it?

What happens if someone replaces a PGP signature?

Answer: people notice.

[Consider an advanced attack, launched from a "router" which changes
certain packets "in-flight" so that some files, when downloaded,
are different from what's on the server, for some range of client ip
addresses.  I don't know if script kiddies have a toy that does this yet,
but it'll happen eventually.]

> MD5 checksums aren't adequate, since the attacker can forge new ones.
> Cryptographically signed checksums don't help, since the software (at
> time of export) can't include the software to verify them.  Downloading
> PGP from the ZA site won't help because you can't verify *its* checksum.

If you can trust the debian packages, you can trust an md5sum contained
in one of those packages.

Perhaps a distributed auditing system (like what was used for the RSA
challenge, but instead periodically downloading files and verifying
md5sums) would be a good thing -- to set off alarms after a site has
been cracked.  [If no alarms go off for some period of time after you've
downloaded a fresh copy of the system, you can be reasonably confident
that you got a good copy and that the signatures you have are probably
the correct ones.]

Perhaps useful would be independent "signature clearinghouses" which let
you check md5sums without talking to the site you got your packages from.
[The more paranoid might want to check against a large number of sites,
and might want an auditing system to be in place as well.]

> > Bootstrapping is hard -- best you can do for the general case is compare
> > notes after you've gotten a secure system up.
> 
> And that, it seems, is exactly the "problem" that this program seeks
> to "fix."

Obviously it can't fix the problem for the past.

However, it might help in the future...

[Perhaps more important: security oriented technology can only be a
part of a secure system.]

-- 
Raul
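The two mechanisms Raul sketches above, a periodic audit that re-downloads files and verifies their md5sums against a checksum list obtained from a package you already trust, and a cross-check of checksum lists from independent "clearinghouses", can be written as a small script. The code below is an added example, not anything from the original thread or from Debian; the file names, file contents and the two mirror fetch functions are constructed stand-ins for a real download, and the "trusted manifest" is assumed to have arrived inside a trusted package exactly as the post describes. The post names md5; the helper takes the hash algorithm as a parameter so a modern deployment can use SHA-256 instead.

```python
import hashlib
from typing import Callable, Dict, Iterable, List, Set


def digest(data: bytes, algorithm: str = "md5") -> str:
    """Hex digest of data. md5 is what the post uses; pass "sha256" today."""
    return hashlib.new(algorithm, data).hexdigest()


def audit_mirror(manifest: Dict[str, str],
                 fetch: Callable[[str], bytes],
                 algorithm: str = "md5") -> List[str]:
    """Re-download every file in the trusted manifest and compare checksums.

    Returns a list of alarm messages; an empty list means the mirror matched
    the manifest on this run. A file that cannot be fetched is also an alarm,
    since a cracked or blocked mirror looks the same from the client side.
    """
    alarms: List[str] = []
    for name, expected in manifest.items():
        try:
            actual = digest(fetch(name), algorithm)
        except Exception as exc:  # constructed fetchers raise KeyError for missing files
            alarms.append(f"{name}: fetch failed ({exc})")
            continue
        if actual != expected:
            alarms.append(f"{name}: checksum mismatch (expected {expected}, got {actual})")
    return alarms


def cross_check(manifests: Iterable[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Compare checksum lists from independent sources (the "clearinghouses").

    Returns {filename: set of distinct checksums} for every file on which the
    sources disagree. An empty dict means all sources agree.
    """
    seen: Dict[str, Set[str]] = {}
    for manifest in manifests:
        for name, value in manifest.items():
            seen.setdefault(name, set()).add(value)
    return {name: values for name, values in seen.items() if len(values) > 1}


# Constructed sample data: two small "packages" standing in for real downloads.
GOOD_FILES: Dict[str, bytes] = {
    "foo_1.0.tar.gz": b"constructed archive contents for foo\n",
    "bar_2.1.deb": b"constructed package contents for bar\n",
}

# The trusted manifest is assumed to have come from a package you already trust.
TRUSTED_MANIFEST: Dict[str, str] = {name: digest(data) for name, data in GOOD_FILES.items()}


def fetch_from_clean_mirror(name: str) -> bytes:
    """Hypothetical mirror that serves the files unchanged."""
    return GOOD_FILES[name]


def fetch_from_tampered_mirror(name: str) -> bytes:
    """Hypothetical mirror on which one package was modified after the fact."""
    data = GOOD_FILES[name]
    if name == "bar_2.1.deb":
        data = data + b"# constructed modification\n"
    return data


def main() -> None:
    print("clean mirror alarms:", audit_mirror(TRUSTED_MANIFEST, fetch_from_clean_mirror))
    for alarm in audit_mirror(TRUSTED_MANIFEST, fetch_from_tampered_mirror):
        print("ALARM:", alarm)
    # A clearinghouse that copied its list from the tampered mirror would disagree
    # with the trusted manifest on exactly the modified file.
    other_list = dict(TRUSTED_MANIFEST)
    other_list["bar_2.1.deb"] = digest(fetch_from_tampered_mirror("bar_2.1.deb"))
    print("disagreements:", cross_check([TRUSTED_MANIFEST, other_list]))


if __name__ == "__main__":
    main()
```

Run periodically (cron is enough), `audit_mirror` gives the "alarms go off after a site has been cracked" behaviour the post asks for, and `cross_check` is the clearinghouse comparison; note that neither tells you which source is right when they disagree, only that one of them has changed.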
