On Mon, Oct 25, 2021 at 05:32:38PM +0200, Justus Winter wrote:
> Michael Schroeder <m...@suse.de> writes:
> 
> > On 10/21/21 18:12, Justus Winter wrote:
> >> First, I think replacing RPM's point solution with a general purpose
> >> implementation will improve correctness.  Robust signature verification
> >> requires canonicalization of the issuing certificate, which is tricky
> >> [0], [1], [2].
> >
> > Wait, those links don't say why canonicalization is required. What's
> > the attack vector? Do you have other pointers?
> 
> Canonicalization is required before a certificate can be safely used for
> any operation.  OpenPGP certificates are compound structures made out of
> packets bound together by signatures.  Canonicalization requires several
> steps, among them re-ordering out-of-place packets, deduplicating
> packets, checking signatures (and embedded signatures for signing
> subkeys), reasoning about signature and key lifetimes, and revocations.

Yes, except that rpm needs just a very limited subset of this. No
chain of trust, no revokations, and so on. It basically needs what
'gpgv' is providing: it must check a signature against a set of
trusted public keys.

> That unfortunately is true.  Or rather, it was.  OpenPGP's development
> picked up speed, we recently formed a design team that is creating a
> proposal for the next RFC, and have produced a new draft just last week:
> 
> https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/
> 
> Relevant changes for RPM include: New key packet types, new hash
> algorithms, EdDSA over Ed448, new fingerprint format, maybe new
> signature packet types.

Yeah, that's the old rfc Werner has been working on the last 6 years.
I hopt it finally gets out of the "draft" status. (Actually, it's more
imporatant to us what features gpg already provides. So we already
implemented ed25519 even if it is still only in a ietf draft.)

Cheers,
  Michael.

-- 
Michael Schroeder          SUSE Software Solutions Germany GmbH
m...@suse.de      GF: Felix Imendoerffer HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Reply via email to