[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [Fwd: Re: [gentoo-dev] Redux: 2004.1 will not include a secure portage.]
From:       Paul de Vrieze <pauldv () gentoo ! org>
Date:       2004-03-27 13:06:40
Message-ID: 200403271406.41526.pauldv () gentoo ! org
[Download RAW message or body]


On Friday 26 March 2004 23:03, Patrick Lauer wrote:
> I could also use my baseball bat to convince you to give me the key.
> So the difference between physical access to the machine and to the
> developer is at a comparable level of difficulty.
>
> The weak spot of all systems seems to be the presence of a "master" key.
> If there was a finite number (maybe 5) of equal "master" keys the
> compromise of one key would not "break" the system completely, but I'm
> not aware of any multi-key protocols.

The scheme I proposed should work with multiple master keys. It would require 
more organization to get the montly intermediate keys signed, but it is easy 
to require that a key is signed by 5 keys instead of one.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]