On Fri, Jan 17, 2014 at 3:26 PM, Marc Espie <[email protected]> wrote: > It's probably time to talk about it. > > Yes, we are now distributing signed packages. A lot of people have probably > noticed because there was a key mismatch on at least one batch of signed > packages. > > Obviously, we haven't finished testing yet. > > Don't read too much into that. "Signed packages" just mean you can use > an insecure medium, such as ftp, to download packages: if the key matches, > it means the package hasn't been tampered with since it was signed. > > The cryptographic framework used to sign packages is called signify(1), > mostly written by Ted Unangst, with a lot of feedback from (mostly) Theo > and I. > > The signing framework in pkg_add/pkg_create is much older than that, if > was written for x509 a few years ago, but signify(1) will probably be more > robust and ways simpler. In particular, there's no "chain-of-trust", so > you keep complete control on the sources YOU trust.
Can you please elborate more on the trusting part ? Both DNSSEC and RPKI have a "root anchor" that we're all supposed to trust, and your model is different. > > Signatures should be transparent in use: the package is opened, the > packing-list signature is checked, and then files are checksummed while > extracted against the packing-list embedded checksums (there are provisions > to ensure any dangerous meta-data is also encoded in the packing-list as > @mode/@user/@group annotations. > > So, barring problems, you shouldn't even notice signatures. > -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
