|go ahead... be a heretic|
Re^5: cpan/cpanm integrity and authenticy checks concernsby hrcerq (Scribe)
|on Jul 15, 2021 at 00:49 UTC||Need Help??|
Well, if you're using system perl (and you trust the operating system in the first place), than you can use the system perl provided key as a first resource. Otherwise, that depends on how you obtained perl.
Clearly, we're always reaching a point of no-trust. This is an unavoidable "chicken and egg" problem, because cryptography doesn't magically create trust, despite what many folks out there say about this. Making such assumptions might cause more trouble than not using cryptography at all.
For it to work we must know the complexities and limits involved.
Trust depends on the physical world, and cannot be virtually provided. So, however we use cryptography, it must be backed by physical bounds. That's why we have some reasonable trust on integrated circuit cards, while (hopefully) not so much on a credit card "security code", which could be somehow leaked.
That said, you should only trust a key if:
If such a trust chain cannot be created, then you must be willing to accept some level of risk. Some measures can be taken to reduce that risk, but it'll exist nonethless. One such measure is to disseminate your public key over many channels, so that all of them would have to be compromised by an attacker. Again, I'll mention OpenBSD with signify on this:
... If you have either the chicken or the egg, you're all set. But what about people with neither?
Hopefully, key rotation will help on that. If you can't verify the next key, then at least you know you had a compromised key. If you follow its trail (how you obtained it), you might help to strenghten the key distribution process.
return on_success() or die;