[Freedombox-discuss] PGP Keyserver

James Vasile vasile at freedomboxfoundation.org
Fri Dec 9 18:18:09 UTC 2011


On Fri, 9 Dec 2011 18:36:14 +0100, Eugen Leitl <eugen at leitl.org> wrote:
> On Fri, Dec 09, 2011 at 12:18:14PM -0500, James Vasile wrote:
> 
> > Key servers are public.  You don't want to put your private key on one.
> > If you want to move your keyring from one machine to another, you can
> > copy over the .gnupg directory.
> 
> By the way, what is the plan to manage the code-signing root?
> Obviously freedomboxes would be really juicy MITM targets, so
> what kind of physical security and compartment separation
> for secrets are you planning?

Physical security of end user FreedomBoxes is beyond our scope.
Separating secrets is a hard one to plan until we know better what
secrets there are and how apps will want to access them.  Our approach
to MITM attacks is to use GPG to verify identity wherever we can.

> 
> How are software updates planned, for that matter? Self-hosted
> via p2p or regular Debian depositories?

So far, the plan is to use the regular Debian mirror network, with sign
off from Bdale.

> 
> -- 
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


