From: "Perry E. Metzger" <perry@piermont.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: rms@gnu.org, kurt@roeckx.be, emacs-devel@gnu.org,
Stefan Monnier <monnier@iro.umontreal.ca>,
"Stephen J. Turnbull" <stephen@xemacs.org>,
Rob Browning <rlb@defaultvalue.org>
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Tue, 28 Oct 2014 12:20:06 -0400 [thread overview]
Message-ID: <20141028122006.69384f7c@jabberwock.cb.piermont.com> (raw)
In-Reply-To: <87tx2o43an.fsf@mid.deneb.enyo.de>
On Tue, 28 Oct 2014 16:33:36 +0100 Florian Weimer <fw@deneb.enyo.de>
wrote:
> * Perry E. Metzger:
>
> > The trick is to make sure it isn't used as an instrument to
> > prevent ordinary people from booting software of their choice,
> > but rather is used as an instrument to assure that when they boot
> > the software of their choice, they're actually getting that and
> > not malware.
>
> None of the existing boot verification technologies provides this.
Agreed. That said, it is important not to throw the idea out entirely
-- don't dump the baby with the bathwater.
> It's also difficult to reconcile this with full user autonomy—if the
> user can load previously untrusted key material (and especially if
> this is an expected step during installation of a free operating
> system), the firmware can no longer warn about malicious keys and
> malicious software (because the user has replaced the trust root).
The user could, however, be in charge of what trusted roots they
accept/load into the firmware, or could hand-enter the hash of the
software they are willing to load. This does not appreciably reduce
security provided it has to be done with physical access to the
machine and is properly designed. (I'm unwilling to produce such a
design on the fly without thinking about it hard.)
My only point was that there are legitimate reasons to want to make
sure you're only loading the code you're expecting to load. Many of
the sorts of technologies being discussed are actually of use. Heck,
Debian signs all their packages at this point to assure
non-tampering -- there is clearly a legitimate use in using
signatures to make sure you're getting what you want. The only issue
is, as you note, that many such systems (see iOS for example) also
prevent you from getting things you might want, which is distinct
from using such systems to assure that you get only what you wanted.
--
Perry E. Metzger perry@piermont.com
next prev parent reply other threads:[~2014-10-28 16:20 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20141022193441.GA11872@roeckx.be>
2014-10-22 20:02 ` Bug#766395: emacs/gnus: Uses s_client to for SSL Rob Browning
2014-10-22 20:05 ` Rob Browning
2014-10-23 14:03 ` Ted Zlatanov
2014-10-23 15:57 ` Rob Browning
2014-10-24 13:39 ` Ted Zlatanov
2016-02-20 15:28 ` Kurt Roeckx
2016-02-21 2:47 ` Lars Ingebrigtsen
2017-02-22 20:38 ` Bug#766397: " Antoine Beaupre
2017-04-16 17:28 ` Rob Browning
2014-10-22 20:14 ` Stefan Monnier
2014-10-22 21:02 ` Andreas Schwab
2014-10-23 16:49 ` Andreas Schwab
2014-10-23 17:29 ` Lars Magne Ingebrigtsen
2014-10-23 20:36 ` Stefan Monnier
2014-10-24 7:01 ` Lars Magne Ingebrigtsen
2014-10-27 19:42 ` Filipp Gunbin
2014-10-23 16:34 ` Richard Stallman
2014-10-23 18:00 ` Florian Weimer
2014-10-23 18:37 ` Perry E. Metzger
2014-10-23 18:43 ` Florian Weimer
2014-10-23 18:57 ` Perry E. Metzger
2014-10-23 18:59 ` Florian Weimer
2014-10-23 19:11 ` Kurt Roeckx
2014-10-23 19:42 ` Perry E. Metzger
2014-10-23 19:50 ` Florian Weimer
2014-10-23 20:26 ` Perry E. Metzger
2014-10-23 21:05 ` Kurt Roeckx
2014-10-24 2:56 ` Perry E. Metzger
2014-10-23 21:48 ` Stephen J. Turnbull
2014-10-24 3:00 ` Perry E. Metzger
2014-10-24 20:51 ` Stephen J. Turnbull
2014-10-24 21:14 ` Perry E. Metzger
2014-10-24 21:33 ` Lars Magne Ingebrigtsen
2014-10-25 0:36 ` Perry E. Metzger
2014-10-25 15:27 ` Ted Zlatanov
2014-10-25 15:53 ` Lars Magne Ingebrigtsen
2014-10-26 8:15 ` Florian Weimer
2014-10-26 11:42 ` Lars Magne Ingebrigtsen
2014-10-26 12:45 ` Florian Weimer
2014-10-26 1:42 ` Richard Stallman
2014-10-26 7:38 ` Florian Weimer
2014-10-24 21:47 ` Stephen J. Turnbull
2014-10-25 0:42 ` Perry E. Metzger
2014-10-27 17:17 ` Stephen J. Turnbull
2014-10-27 19:39 ` Perry E. Metzger
2014-10-28 7:04 ` Stephen J. Turnbull
2014-10-28 7:45 ` Thien-Thi Nguyen
2014-10-28 8:44 ` Stephen J. Turnbull
2014-10-28 13:31 ` Stefan Monnier
2014-10-28 15:19 ` Perry E. Metzger
2014-10-28 15:33 ` Florian Weimer
2014-10-28 16:20 ` Perry E. Metzger [this message]
2014-10-28 16:52 ` Stefan Monnier
2014-10-28 17:11 ` Perry E. Metzger
2014-10-29 3:19 ` Stephen J. Turnbull
2014-10-28 15:10 ` Perry E. Metzger
2014-10-29 2:33 ` Stephen J. Turnbull
2014-10-29 3:06 ` Perry E. Metzger
2014-10-29 7:28 ` Stephen J. Turnbull
2014-10-29 11:19 ` Perry E. Metzger
2014-10-23 19:03 ` Kurt Roeckx
2014-10-24 13:35 ` Ted Zlatanov
2014-10-25 7:31 ` Richard Stallman
2014-10-25 14:33 ` Perry E. Metzger
2014-10-25 15:49 ` removing SSLv3 support by default from the Emacs GnuTLS integration (was: Bug#766395: emacs/gnus: Uses s_client to for SSL.) Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141028122006.69384f7c@jabberwock.cb.piermont.com \
--to=perry@piermont.com \
--cc=emacs-devel@gnu.org \
--cc=fw@deneb.enyo.de \
--cc=kurt@roeckx.be \
--cc=monnier@iro.umontreal.ca \
--cc=rlb@defaultvalue.org \
--cc=rms@gnu.org \
--cc=stephen@xemacs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).