'Re: [qubes-devel] Re: GitLab'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Re: GitLab
From:       Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date:       2017-05-19 13:13:49
Message-ID: 20170519131348.GA23784 () work-mutt
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, May 14, 2017 at 10:16:13PM -0500, Andrew David Wong wrote:
> On 2017-05-14 21:52, Peter Todd wrote:
> > On Sun, May 14, 2017 at 09:45:13PM -0500, Andrew David Wong wrote:
> > > > > (2), meanwhile, requires transferring the key to the QMSK's
> > > > > environment via:
> > > > 
> > > > <snip>
> > > > 
> > > > We're in agreement that's a less-than-wise idea. :)
> > > > 
> > > 
> > > Great points. Thanks! I think your setup would have been
> > > preferable, since I'm pretty sure Marek's key was generated on a
> > > different machine (in which case some kind of riskier transfer
> > > must have occurred, but perhaps special precautions were taken).
> > 
> > However, if that was done, is it really Marek's key?
> > 
> > I'd want to think carefully about putting my name on such a key if
> > I hadn't generated it on my machine. OTOH, Marek doesn't appear to
> > have actually signed that key with any other key, so maybe he and I
> > agree on this point. :)
> > 
> 
> I'm not saying that it would have been preferable for *Marek's* key to
> have been generated in the QMSK environment. Rather, I'm saying that
> it would have been preferable for a Strong Set Signing Key (SSSK) to
> have been generated in the QMSK environment and used to get the QMSK
> into the Strong Set, as you proposed, *instead of* Marek's key ever
> having been signed by the QMSK. (But again, I don't know what special
> precautions might have been taken in that case. Maybe it's fine.)
> 

Hi, thanks for the interesting discussion and many good points. This has
inspired me to create this ticket:

https://github.com/QubesOS/qubes-issues/issues/2818

Let's discuss there.

Thanks,
joanna.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJZHu+MAAoJEDOT2L8N3GcYGxkP/A6xPFKnAI8tOao+P7B7wmGl
Ua5eaQP3Ps7SJGmlQu+oNkrIcOL5MHPkU1UqjBP+sgRAoBbeXhBuoZ/xXKRTYKdk
kjo4TKY9atvUVzV8mymIk7NyTHqhktlRf9GdHKbQ+0equp4/pmmf5fVTEmxZFoVT
x8rFxIdxsQDgjtWoKyCndnbDPlNfdzsLBj6/QhrBjlt86zREr4aZ7/D6KRrVUggK
4GuhT6tMMRVXL6LvF7mbw5cz0aLiVLODvhY0YFzUInEXIvp7UGlKpcPjsFJtPlFu
RHIXdNiiJHZCr1qgV2IjEpAVK/p+AxqJVu7X7Jt38fjvEcrkVPWvGcyafq59UpZp
+DuKGQjFufQoB36F8q0fl8rqfaR0bG9WoNzh6tE23k4T0cZzy1UpCOb7fz1XYWuj
csKAxkS1FvljT6v/7D1LoFo7mrPJaOruqZNRn5Yd6nc/OHJAM23r/O2fhFKNPR2O
CSpeiqPCwzGcoca+x7ptPv4j0Bp27Gt9WsR/HqcTb2p6PVkKpZw0gC0P85tQ2H2K
aPZFwajCDQa4PUY+hNzbMg9UW7gMPYOxL2INd6y1i9dt3K/IRIg8ou8FqMIk4vC3
IhyR8OcRwsXmki43oKVIbHZ6cFCo/MYs8xWjTs+x/bFKWxYlDBqzDePdoddOyuAT
FjRmp2HS7bRiXtRPO+Jg
=uVuG
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20170519131348.GA23784%40work-mutt. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic