http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1086
Summary: GPG key for releases should be signed to prevent Trojans
Product: Web sites
Version: N/A
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Main site - www.wireshark.org
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: rmunn@xxxxxxxxx

The GPG key used to sign the
http://www.wireshark.org/download/SIGNATURES-0.99.3.txt file (and future
release signatures) is currently (as of September 1st, 2006) self-signed but
has no other signatures on it. This leaves open the possibility of a Trojan
attack: if someone manages to get enough access to the wireshark.org site to
upload a Trojaned binary, he could also simultaneously upload a faked GPG key
to make his Trojaned binaries look legit.

In fact, for all we know, this could already have happened. Not that I actually
think this likely, but in the field of security, the right question isn't "Am I
being paranoid?" The right question is, "Am I being paranoid *enough*?" :-)

To protect against this, it would be best if Gerald Combs could get his key
signed by some other well-known GPG keys. "Well-known GPG keys", in this case,
would be keys that are signed by enough other keys to be part of the primary
Web of Trust. This avoids someone uploading a faked key with six signatures
that turn out to be "Sock Puppet #1, Sock Puppet #2, Sock Puppet #3...".
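
Added example (not part of the original report and not Wireshark project code): a check a downloader could run over `gpg --with-colons --check-sigs` output to tell a self-signature apart from certifications by keys the verifier already trusts, so that signatures from unknown "sock puppet" keys do not count. The key IDs, names and the `trusted_signers` set are constructed assumptions.

```python
# Constructed sample of `gpg --with-colons --check-sigs` output.
# All key IDs and names are made up for this example.
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:1136073600:::-:::scESC:
uid:-::::1136073600::HASHPLACEHOLDER::Release Signer <releases@example.org>:
sig:!::17:AAAAAAAAAAAAAAAA:1136073600::::Release Signer <releases@example.org>:13x:
sig:!::17:BBBBBBBBBBBBBBBB:1150000000::::Known Developer <dev@example.net>:10x:
sig:?::17:CCCCCCCCCCCCCCCC:1150000001::::[User ID not found]:10x:
sub:-:2048:16:DDDDDDDDDDDDDDDD:1136073600::::::e:
sig:!::17:AAAAAAAAAAAAAAAA:1136073600::::Release Signer <releases@example.org>:18x:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP user-ID certification types


def classify(colons, trusted_signers):
    """Sort the user-ID certifications on a key into self / trusted / unverified.

    trusted_signers: key IDs the verifier has already confirmed out of band
    (an assumption of this example; compare full fingerprints in practice).
    """
    primary, in_subkey = None, False
    result = {"self": [], "trusted": [], "unverified": []}
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary, in_subkey = f[4], False
        elif f[0] == "sub":
            in_subkey = True  # sigs that follow are subkey bindings, not certifications
        elif f[0] == "sig" and not in_subkey and len(f) > 10 and f[10][:2] in CERT_CLASSES:
            signer, verified = f[4], f[1] == "!"  # "!" = signature checked good
            if signer == primary:
                result["self"].append(signer)
            elif verified and signer in trusted_signers:
                result["trusted"].append(signer)
            else:
                result["unverified"].append(signer)  # unknown signer or unchecked signature
    return result


def has_independent_trust_path(colons, trusted_signers):
    """True only if a key the verifier already trusts has certified this key."""
    return bool(classify(colons, trusted_signers)["trusted"])


if __name__ == "__main__":
    print(classify(SAMPLE, {"BBBBBBBBBBBBBBBB"}))
    print(has_independent_trust_path(SAMPLE, set()))
```

With an empty `trusted_signers` set the sample key fails the check even though it carries three certifications, which is the sock-puppet case the report describes.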