From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mout.kundenserver.de ([212.227.17.10]) by metis.ext.pengutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1bfTds-0006VG-NC for ptxdist@pengutronix.de; Thu, 01 Sep 2016 17:11:00 +0200 Received: from idefix.lespocky.dyndns.org ([178.24.22.29]) by mrelayeu.kundenserver.de (mreue103) with ESMTPSA (Nemesis) id 0Lm6Wf-1b6gzH45Ef-00ZdNX for ; Thu, 01 Sep 2016 17:10:55 +0200 Received: from buffy.lespocky.dyndns.org ([10.182.63.86]) by idefix.lespocky.dyndns.org with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82) (envelope-from ) id 1bfTdg-0006hL-Ab for ptxdist@pengutronix.de; Thu, 01 Sep 2016 17:10:54 +0200 References: <1471445616-7728-1-git-send-email-rohieb@rohieb.name> <20160818065342.463fc7qfeixtb4vt@pengutronix.de> <20160828073629.qogtrcb4wc72xdvb@pengutronix.de> <6b808b5c-e3f6-6d63-9378-6495a15f3c1b@rohieb.name> From: Alexander Dahl Message-ID: <12c4c0cb-c5aa-8f61-adc2-5b502a50f52f@lespocky.de> Date: Thu, 1 Sep 2016 17:09:56 +0200 MIME-Version: 1.0 In-Reply-To: <6b808b5c-e3f6-6d63-9378-6495a15f3c1b@rohieb.name> Subject: Re: [ptxdist] [PATCH] ibrdtn: add packaging rules for IBR-DTN and dtndht List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: multipart/mixed; boundary="===============1155950885==" Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1155950885== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="AAeqcQVm8jisIwqQ0OFvjen5k1NKQQOg1" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --AAeqcQVm8jisIwqQ0OFvjen5k1NKQQOg1 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hei hei, On 28.08.2016 20:36, Roland Hieber wrote: > The key material would rather need to be > generated at build time and/or put into projectroot/etc/ibrdtn/bpsec by= > the user. Generating one key at build time for all your devices may be seen as a security flaw, doesn't it? If you build update tarballs from your BSP for example, which contain in some way private keys, an attacker could replace those keys? On the other hand, embedded devices often lack good random number creation capabilities, so creating keys on the target may be bad, too? Greets Alex --AAeqcQVm8jisIwqQ0OFvjen5k1NKQQOg1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXyET4AAoJEDStzQByIVzGv6EP/RzOVi6h15EweSM9vCo9DrqT yW4NmaLoksGwEoenozMacyLamZWKZL7Jd421UegP8KUNuoBuyf1exeS5wthNXW8R xGdecB5VsfAH9cqdDla1u0yi4cs8WTe7KXVuk8oKBaCDffG042tG/KOfanZMN6jj G4xZW6Ua5kiREFdzX5mCseMv7XYesjcEmXxL8oCS95fEc5AhrP8eBx4JzwJFhOsE 4hG94ln9Mu/pWCUmeUWN3tJ6Eh1Bvt4geRVBCrfVpm/LlyuIRfar3jwA7jWNIRhL g4C30oddRyNoiEIC4rCxlJNt6tVz7YbeyAWvY/qfm1LY5/irbXSYcIwxBpA6Cu61 0IX2ySKvWmwe4PHWbAhVSuOZPdCUf1XimYp9xfFozlOsNr6RR+SRZrv3pq64oNTj L0TBdUphalrXyPCGapyuti2KHHF5I4lIboKHHxLy9tgofI1Wq5RmXflY00mh5wvz gcmSO3ANraSV0jKdUAvi4p0pSIurFUQ5lmSMyBsv0exiP9hqnkqJZ+/VD6ViTlx+ TFPAdq7g9VfzjSt/naVeLsOphCILYly+mPMnbAUuCCTtMPw3bpcm7cmFjKdS65cZ HCsCrJwCvArmwIRYic1XP/CJJrjMfVPXVrtCqX1bXkdyqZF250qEIlAgEmfHyK03 LAa/abJ3/VsI8YFa3gz/ =7F3K -----END PGP SIGNATURE----- --AAeqcQVm8jisIwqQ0OFvjen5k1NKQQOg1-- --===============1155950885== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KcHR4ZGlzdCBt YWlsaW5nIGxpc3QKcHR4ZGlzdEBwZW5ndXRyb25peC5kZQ== --===============1155950885==--