On Mon, Feb 05, 2024 at 08:49:09AM +0100, Simon Josefsson wrote: > Bill Allombert <ballo...@debian.org> writes: > > > Le Thu, Feb 01, 2024 at 10:38:03AM +0100, Simon Josefsson a écrit : > >> Hi > >> > >> I'm exploring how to defend against an attacker who can create valid > >> signatures for cryptographic private keys (e.g., PGP) that users need to > >> trust when using an operating system such as Debian. A signature like > >> that can be used in a targetted attacks against one victim. > >> > >> For example, apt does not have any protection against this threat > >> scenario, > > > > Is not apt-key a protection ? > > No, the current implementation protects against missing and/or invalid > signatures. Compare how in the WebPKI world some CA issued a valid > *.google.com certificate, and how that (and other incidents) lead to > setup of Certificate Transparency, which helps mitigate these issues.
The difference is that with apt-key, the list of valid public keys is stored on the user system (in /etc/apt/trusted.gpg.d/), not a list of root certificates, and that the users are notified when the keys are updated, which is not the case with CA. Nobody can generate a new signature that will be accepted by apt-key out of the box. Cheers, -- Bill. <ballo...@debian.org> Imagine a large red swirl here.
