TUF, Warehouse, Pip, PyPA, ld-signatures, ed "PEP 480 -- Surviving a Compromise of PyPI" https://www.python.org/dev/peps/pep-0458/
"PEP 480 -- Surviving a Compromise of PyPI: The Maximum Security Model" https://www.python.org/dev/peps/pep-0480/ I need to spend time reviewing these PEPs. Backseat driving here; sorry: Are there pypa/warehouse github issues for implementing the TUF trust root support in warehouse; and client support in pip (or a module that pip and other tools can use)? Warehouse is already a SPOF. That's a hefty responsibility that contributions should support. Would [offline] package mirrors and the CDN still work for/with TUF keys? ld-signatures has some normative language that could be useful. ld-signatures uses URIs for signature suites (a canonicalization algorithm, a message digest algorithm, and a signature algorithm) and JSONLD. That should be pretty future proof in regards to the NIST post-quantum algorithms call that's under review at this time. Blockcerts builds upon ld-signatures. There's a compact form of JSONLD. JSON[LD] can also be serialized as BSON (and RDFHDT). "Linked Data Signatures 1.0" (draft) https://w3c-dvcg.github.io/ld-signatures/ "Ed25519 Signature 2018" (draft) https://w3c-dvcg.github.io/lds-ed25519-2018/ - canonicalizationAlgorithm: https://w3id.org/security#URDNA2015 - digestAlgorithm: http://w3id.org/digests#sha512 - signatureAlgorithm: http://w3id.org/security#ed25519 https://theupdateframework.github.io/ https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#the-update-framework-specification On Thursday, March 22, 2018, Trishank Kuppusamy < trishank.kuppus...@datadoghq.com> wrote: > Hi Wes, > > On Thu, Mar 22, 2018 at 4:40 PM, Wes Turner <wes.tur...@gmail.com> wrote: > >> >> The hashes serve as file integrity check but provide no assurance that >> they are what the author intended to distribute because there is no >> cryptographic signature. >> >> File hashes help detect bit flips -- due to solar flares -- in storage or >> transit, but do not mitigate against malicious package modification to >> packages in storage or transit. >> >> AFAIU, TUF (The Update Framework) has a mechanism for limiting which >> signing keys are valid for which package? Are pre-shared keys then still >> necessary, or do we then rely on a PKI where one compromised CA cert can >> then forge any other cert? >> > > Yes, you are right, the hashes need to be signed: otherwise you have > integrity, but no authenticity. > > We wrote PEPs 458 <https://www.python.org/dev/peps/pep-0458/> and 480 > <https://www.python.org/dev/peps/pep-0480/> to discuss how TUF might be > deployed on PyPI / Warehouse. The PEPs go into details about public key > distribution. The TLDR is that is that clients (i.e., pip) need to be > shipped with one self-signed root metadata file, and the rest of the PKI is > bootstrapped from there. PyPI would act as an authority that distributes, > revokes, and replaces public keys for packages. > > More details on security vs usability also available in our Diplomat > <https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy> > paper. > > If the community is interested, we'd love to discuss how we could help > make this happen. > > Thanks, > Trishank > >
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig