| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On Sunday 04 August 2002 18:55, Spider wrote: |
| 5 |
> Well, I was browsing around the other day checking into the |
| 6 |
> "behind the scenes" work of gnupg and keyservers when I |
| 7 |
> stumbled on this link.. |
| 8 |
> |
| 9 |
> |
| 10 |
> http://www.cryptnet.net/fdp/crypto/strong_distro.html |
| 11 |
|
| 12 |
i've just read it (though not very carefully). to me this looks |
| 13 |
like a description of the "usual" package signing procedure |
| 14 |
(based on asym/pubkey crypto). |
| 15 |
|
| 16 |
as a part of a semester thesis (thus do not take that stuff too |
| 17 |
seriously, ok? ;) i've developed such a package signing concept |
| 18 |
for portage and hacked a tiny prototype portage extension too. |
| 19 |
(btw. i've sent it to a couple of core devs once. that's when |
| 20 |
ryan told me about his package signing tool.) |
| 21 |
|
| 22 |
here's a quick overview of some concepts behind it: |
| 23 |
|
| 24 |
* usual package signing concept (asym crypto, pubkey instead of |
| 25 |
x509) |
| 26 |
* leverage as many of existing technologies as possible (portage, |
| 27 |
gnupg, web of trust). -> traditional open source/unix approach. |
| 28 |
* backwards compatibility (usage of the extension is optional) |
| 29 |
* should be as easy as possible to use for both users and core |
| 30 |
devs. reasonable defaults, but customizable. |
| 31 |
* ensure scalability of the gentoo development process (each core |
| 32 |
dev signs "his" ebuild submissions, no bottleneck) |
| 33 |
* security through a loosely coupled, modular design with a |
| 34 |
clearly defined interface to portage ("hooks" into portage). |
| 35 |
k-i-s-s -> traditional security approach. |
| 36 |
* fine-grained levels of trust through gnupg and most |
| 37 |
importantly: the user defines himself, whom he trusts or not. |
| 38 |
* no need to ship public keys. keys get fetched automatically |
| 39 |
from public key servers. "single point of failure" conscious. |
| 40 |
|
| 41 |
it comes down that trust (from the user's point of view) is |
| 42 |
required at the following places: |
| 43 |
|
| 44 |
* the user must trust the security of his own box |
| 45 |
* the user defines wether he trusts the authenticity of a core |
| 46 |
devs openpgp key. |
| 47 |
|
| 48 |
each core dev is responsible for the security of his own private |
| 49 |
key. however, if a key gets compromised, he can revoke it as |
| 50 |
usual etc. |
| 51 |
|
| 52 |
issues: |
| 53 |
|
| 54 |
* establishing a trusted key chain from the user to one or more |
| 55 |
valid keys in the core devs keyring. establishing trusted key |
| 56 |
chains between core devs. this is the common issue with the web |
| 57 |
of trust/open pgp in contrary to hierarchical, centralized trust |
| 58 |
models (well, there the same issue exists but at a place where |
| 59 |
the user usually does not notice it -> faked trust). see section |
| 60 |
iii.10 of the paper for possible "solutions". |
| 61 |
* integration with portage and its frontends. a good package |
| 62 |
signature verification process should/will require some user |
| 63 |
intervention which is opposite to the current batch processing |
| 64 |
concept of portage. if so, it has to be implemented in a way |
| 65 |
that allows frontends to handle it too. |
| 66 |
* _security_ of ebuilds, patches, tarballs etc. |
| 67 |
|
| 68 |
the first two issues are pretty tough stuff. the third one is |
| 69 |
minor, just to recall that trust != security (there will never |
| 70 |
be security, only trust_) |
| 71 |
|
| 72 |
i've implemented the prototype using procedural python (an oo |
| 73 |
approach would have been better) in a typical rad manner (code |
| 74 |
not fully functional, not optimized, ...) -> it is a |
| 75 |
proof-of-concept only and i _do not_ recommend to use it _any_ |
| 76 |
further. |
| 77 |
|
| 78 |
nevertheless i think that the concept behind it is fine. as it is |
| 79 |
basically a simple package signing concept based on open pgp |
| 80 |
(see section iii.10) it probably can not be improved much unless |
| 81 |
one takes a completely different approach (for example by mixing |
| 82 |
in some zero-knowledge-proof stuff ;). |
| 83 |
|
| 84 |
for those interested, the paper and the sources are available |
| 85 |
here: |
| 86 |
|
| 87 |
http://www.icu.unizh.ch/~mettlerd/semesterthesis/ |
| 88 |
|
| 89 |
in my view, implementing a mechanism to ensure the authenticity |
| 90 |
and integrity of the portage tree is crucial for gentoo's future |
| 91 |
(think of all the portage tree mirrors out there). however, |
| 92 |
it's not a trivial thing. |
| 93 |
|
| 94 |
regards |
| 95 |
|
| 96 |
dan |
| 97 |
|
| 98 |
- -- |
| 99 |
...::: Daniel Mettler | http://www.numlock.ch :::.... |
| 100 |
|
| 101 |
-----BEGIN PGP SIGNATURE----- |
| 102 |
Version: GnuPG v1.0.7 (GNU/Linux) |
| 103 |
|
| 104 |
iD8DBQE9UF39SLYjgrGjnWQRAk1jAJ9jWtJmG/KDyiq+rEZlK3YkaSnA2ACfc//s |
| 105 |
0sncgx6z7SOQsmrPxEoqRFY= |
| 106 |
=rSfV |
| 107 |
-----END PGP SIGNATURE----- |
Archives