[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Jack Jansen Jack.Jansen at cwi.nl
Fri Oct 3 18:43:57 EDT 2003 

On 3-okt-03, at 17:48, Bob Ippolito wrote:

>> On its own, no. But combined with another algorithm that allows a 
>> trusted source to
>> advertise (in a secure way) the md5sums of all relevant documents 
>> s/he ever created
>> it does. If you really want I could write it down in 
>> Needham-Burrows-Abadi formalism
>> (or whatever the people involved were again).
>>
>> Or, to elaborate on the steps again (taking you as an example):
>>
>> 1. You change your pimp database.
>> 2. You take the md5sum of it, let's say it's 12345 (but with many 
>> more digits:-)
>> 3. You create a secure document 
>> https://undefined.org/pimp/integrity.html
>>    saying "I, Bob Ippolito, created this packman database. Use at 
>> your own risk".

AAAARGH! Here I made a crucial mistake: the URL is specific to this 
instance of your
database, in other words, it is 
<https://undefined.org/pimp/integrity/12345.html>.

>> 4. You don't ever delete this file, even when updating the database.
>> 5. You now upload the database to 
>> <http://undefined.org/pimp/pimp-macosx-whatever.plist>.
>> 6. My mum downloads your database through packman, and presses the 
>> "integrity check"
>>    button.
>> 6. She is presented with a dialog
>> 	You can now use your internet browser to test that this database was
>> 	actually created by %s. Check that the padlock is closed (if it is
>> 	open there is a very good chance that this is a forged database). If
>> 	you get a message about an untrusted certificate this is also a sign
>> 	of a forgery. Finally check that the URL starts with https: and 
>> points
>> 	to the website of %s.
>> 	
>> 	Note that all these checks only mean that this database has not been 
>> tampered
>> 	with since it was created. Whether you trust %s remains wholly up
>> 	to you.
>
> 1.  You orchestrate some sort of man in the middle attack.
> 2.  You take the existing integrity.html document
> 3.  You create a new evil packman plist file
> 4.  You add the md5sum of your evil packman plist file and append it 
> to integrity.html
> 5.  You upload the database and integrity.html to your evil man in the 
> middle server
>
> The padlock thing helps some, but it only works for people with 
> trusted SSL certificates, which are typically not cheap, and I 
> wouldn't expect everyone maintaining a distribution to have one.

Having a trusted SSL certificate is tantamount to the whole idea! 
Untrusted
SSL certificates are as good as locking your door and leaving the key
under a stone beside it....

But note that not everyone maintaining a pimp database would need one,
it would just mean a little more work. If I had an SSL key, and you and
I could communicate securely (lets say PGP-based) you would put a URL
of the form <http://www.cwi.nl/~jack/pimp/integrity/%s.html> in your
database, send me the md5 sum whenever you change it, and I would create
the 12345.html file with the contents "I, Jack Jansen, am convinced Bob
Ippolito created this database".
--
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma 
Goldman

More information about the Pythonmac-SIG mailing list