Well, if you're using system perl (and you trust the operating system
in the first place), than you can use the system perl provided key as a
first resource. Otherwise, that depends on how you obtained perl.
Clearly, we're always reaching a point of no-trust. This is an
unavoidable "chicken and egg" problem, because cryptography doesn't
magically create trust, despite what many folks out there say about
this. Making such assumptions might cause more trouble than not using
cryptography at all.
For it to work we must know the complexities and limits involved.
Trust depends on the physical world, and cannot be virtually
provided. So, however we use cryptography, it must be backed by physical
bounds. That's why we have some reasonable trust on integrated circuit
cards, while (hopefully) not so much on a credit card "security code",
which could be somehow leaked.
That said, you should only trust a key if:
- you obtain it directly from its owner;
- you obtain it from someone you absolutely trust to have obtained
it directly from its owner;
- you obtain it from someone you absolutely trust to have obtained
it from someone else who you also absolutely trust to have obtained
it directly from its owner;
- ... and so on (you get the picture). Needless to say, the bigger
this trust chain, the more fragile it is.
If such a trust chain cannot be created, then you must be willing to
accept some level of risk. Some measures can be taken to reduce that
risk, but it'll exist nonethless. One such measure is to disseminate
your public key over many channels, so that all of them would have to be
compromised by an attacker. Again, I'll mention OpenBSD with
signify on this:
... If you have either the chicken or the egg, you're all
set. But what about people with neither?
There are no key servers for signify. No web of trust. Just keys. The
good news is the keys are pretty small. As demonstrated. We can stick
them just about everywhere, and we do. They're on the web site, they're
on twitter, they're on the top side of CD. 56 base64 characters. You can
read it out loud over the phone in under a minute. Wide dispersion makes
it harder and harder to intercept all the ways you may get the key and
increases the risk of detection should anybody try some funny business.
Hopefully, key rotation will help on that. If you can't verify the
next key, then at least you know you had a compromised key. If you
follow its trail (how you obtained it), you might help to strenghten
the key distribution process.
return on_success() or die;
| [reply] |