Message-ID: <20111004223932.GA3460@localhost.pp.htv.fi>
Date:	Wed, 5 Oct 2011 01:39:32 +0300
From:	Adrian Bunk <bunk@...sta.de>
To:	Valdis.Kletnieks@...edu
Cc:	"Frank Ch. Eigler" <fche@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"Rafael J. Wysocki" <rjw@...k.pl>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Greg KH <gregkh@...e.de>
Subject: Re: kernel.org status: establishing a PGP web of trust

On Tue, Oct 04, 2011 at 04:29:48PM -0400, Valdis.Kletnieks@...edu wrote:
> On Mon, 03 Oct 2011 21:04:41 +0300, Adrian Bunk said:
> > On Mon, Oct 03, 2011 at 12:28:17PM -0400, Frank Ch. Eigler wrote:
> 
> > > What is the threat that this passport checking is intended to cure?
> > > That someone else might have been impersonating Rafael for years,
> > > sending patches, chatting in email and over the phone, and attending
> > > conferences?
> >
> > Key signing is an identity check.
> 
> That's dodging the issue. Somehow, I don't see Andrew Morton asking Linus to
> sign his key, and Linus saying "How do I know you're the *real* Andrew Morton?"
> And Andrew is a clever guy, if he was a fake Andrew, I'm sure he'd have gotten
> a fake ID that would be good enough to fool Linus, who is also a clever guy but
> I'm not aware of any special background he has in forgery detection. ;)
> 
> The more important point is that as far as the linux-kernel community is
> concerned, the guy we've all seen show up at conferences and present stuff all
> these times *is* Andrew Morton, even if his real name is George Q. Smith and
> he's been on the run for the last 27 years for an embarrassing incident
> involving an ostrich, the mayor's daughter, and 17 gallons of mineral oil in
> the atrium of the museum. ;)
> 
> The ID check is to connect an actual person to the claimed key, and primarily
> intended for key signing parties and the like, where people *don't* know each
> other very well. I think there's something like 5 people on the linux-kernel
> list who actually know me in real life, because I don't travel much and I'm
> rather in the boonies.  If I asked anybody *else* who I'd not met before to
> sign my key, yes, I'd expect them to check my ID, to ensure I wasn't somebody
> trying to pull a fast one at the keysigning party.

If you just want to be sure that patch number 100 comes from the same
person as the 99 patches before, you could do that without key signing
(require signed patches and check that all 100 patches were signed by
the same key).

But the semantics of PGP key signing is that you certify that you 
verified that a photo ID of that person matches the name on the key.

No matter if that's needed for kernel purposes.
And no matter if it's possible to present you a fake ID.

One might discuss what requirements for access to kernel.org machines make 
sense or not, but when you sign a key you have to check a photo ID first.

> > > If so, perhaps the impostor is of more value to the
> > > project than the Real Rafael.
> > 
> > Pseudonymous contributions to the kernel are not allowed.
> 
> See above - whoever Andrew Morton *really* is, his contributions are hardly
> pseudonymous.

Each time a patch goes through him into the kernel, he certifies that 
his real name is Andrew Morton.

If that were not his real name, it would make him somewhere between
completely untrustworthy and punishable in court.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
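The check Adrian sketches above (require signed patches, then confirm that patch 100 verifies under the same key as patches 1 through 99) is a key-continuity check, not an identity check. The following Go program is an added example, not code from this thread or from kernel.org; it stands in Ed25519 from the standard library for PGP, and the SignedPatch type, the BuildSeries sample input and the fingerprint scheme are constructed for illustration. It shows what the continuity check catches (a patch signed by a different key, or a tampered body) and, by construction, what it cannot tell you: whose name belongs to the trusted key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// SignedPatch is a constructed stand-in for a patch e-mail carrying a
// detached signature: the patch body, the signature over it, and the
// public key the signer claims to have used (much as a PGP signature
// carries a key ID). Hypothetical type, not a kernel.org structure.
type SignedPatch struct {
	Body      []byte
	Signature []byte
	Signer    ed25519.PublicKey
}

// Fingerprint mimics a key fingerprint: SHA-256 over the raw public key,
// truncated for display. Illustrative only; PGP fingerprints differ.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Sign produces a signed patch from a body and a private key.
func Sign(body []byte, priv ed25519.PrivateKey) SignedPatch {
	return SignedPatch{
		Body:      body,
		Signature: ed25519.Sign(priv, body),
		Signer:    priv.Public().(ed25519.PublicKey),
	}
}

// CheckContinuity implements the check described in the mail: every patch
// must carry a valid signature, and every signature must verify under the
// same key as patch 1. It returns the index of the first patch that breaks
// the chain (-1 if the series is consistent) and the trusted fingerprint.
// It deliberately says nothing about the real-world name behind that key;
// binding a name to a key is what ID-checked key signing is for.
func CheckContinuity(series []SignedPatch) (firstBad int, trusted string) {
	if len(series) == 0 {
		return -1, ""
	}
	anchor := series[0].Signer
	trusted = Fingerprint(anchor)
	for i, p := range series {
		// Verify against the anchor key, not p.Signer: a patch that
		// claims a different key is a continuity break even if it is
		// self-consistent under that other key.
		if !ed25519.Verify(anchor, p.Body, p.Signature) {
			return i, trusted
		}
	}
	return -1, trusted
}

// BuildSeries constructs the sample input: n patches signed with one key,
// then optionally one more patch signed with a second key, as an impostor
// holding their own key (or a maintainer who silently rotated keys) would
// produce. Constructed data, not real patches.
func BuildSeries(n int, extraFromOtherKey bool) []SignedPatch {
	_, privA, _ := ed25519.GenerateKey(rand.Reader)
	_, privB, _ := ed25519.GenerateKey(rand.Reader)
	var series []SignedPatch
	for i := 1; i <= n; i++ {
		series = append(series, Sign([]byte(fmt.Sprintf("patch %d", i)), privA))
	}
	if extraFromOtherKey {
		series = append(series, Sign([]byte(fmt.Sprintf("patch %d", n+1)), privB))
	}
	return series
}

// TamperBody returns a copy of the series where patch i's body was edited
// after signing; the signature then no longer verifies under any key.
func TamperBody(series []SignedPatch, i int) []SignedPatch {
	out := append([]SignedPatch(nil), series...)
	out[i].Body = append([]byte(nil), out[i].Body...)
	out[i].Body = append(out[i].Body, []byte(" (modified in transit)")...)
	return out
}

func main() {
	clean := BuildSeries(99, false)
	idx, fp := CheckContinuity(clean)
	fmt.Printf("99 patches, first break: %d (trusted key %s)\n", idx, fp)

	mixed := BuildSeries(99, true)
	idx, fp = CheckContinuity(mixed)
	fmt.Printf("100th patch from another key, first break: %d (trusted key %s)\n", idx, fp)

	idx, _ = CheckContinuity(TamperBody(clean, 41))
	fmt.Printf("patch 42 body edited after signing, first break: %d\n", idx)
}
```

The anchor key is simply the one that signed the first patch, so this is trust-on-first-use: it answers "same key as before?" and nothing more, which is exactly the distinction drawn above between patch continuity and the photo-ID check that PGP key signing certifies.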
