On 2014/01/22 13:46, Loganaden Velvindron wrote:
> On Fri, Jan 17, 2014 at 3:26 PM, Marc Espie <es...@nerim.net> wrote:
> > It's probably time to talk about it.
> >
> > Yes, we are now distributing signed packages. A lot of people have probably
> > noticed because there was a key mismatch on at least one batch of signed
> > packages.
> >
> > Obviously, we haven't finished testing yet.
> >
> > Don't read too much into that. "Signed packages" just means you can use
> > an insecure medium, such as ftp, to download packages: if the key matches,
> > it means the package hasn't been tampered with since it was signed.
> >
> > The cryptographic framework used to sign packages is called signify(1),
> > mostly written by Ted Unangst, with a lot of feedback from (mostly) Theo
> > and I.
> >
> > The signing framework in pkg_add/pkg_create is much older than that, it
> > was written for x509 a few years ago, but signify(1) will probably be more
> > robust and way simpler. In particular, there's no "chain-of-trust", so
> > you keep complete control on the sources YOU trust.
>
> Can you please elaborate more on the trusting part?
>
> Both DNSSEC and RPKI have a "root anchor" that we're all supposed to trust,
> and your model is different.

The model is: only the specific keys placed in /etc/signify are trusted.

The plan is to include the public keys used for signing release n+1 in release n. So once you trust a particular key, by verifying signatures on sets which you download+install, you can have a chain of continuity for future keys.

You still need to get your initial key from somewhere that you trust. If you are worried about sources of this, you can at least check and compare the 55*.pub files from a few sources e.g. those in downloaded sets against those in anoncvs/cvsweb ("cvs -d $CVSROOT get -p src/etc/signify/55base.pub" to display on stdout). Of course when the next release is done they'll be on CD. (IIRC somebody suggested printing keys on the tshirts, not sure if print resolution on fabric is really up to that without making the text so big as to be horribly ugly, posters may work though.)

Given sufficient space to download tgz before unpacking, the install ramdisk kernel now checks signatures (yes: crypto fits on the ramdisk - signify/ed25519 is small, and yes: please test and report on any problems!).

If you're fetching a new installer (ramdisk kernel, install55.iso, floppy*.fs, etc) you can verify the signature of that file before using it.

Also it should go without saying, if you use the "untar sets on a running system" method, checking those sets is your responsibility, see signify(1)'s EXAMPLES section for information about how to do this.
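
The comparison of 55*.pub copies from several sources described above, as an added example that is not part of the original message or of OpenBSD's code. It assumes the signify public key file layout (an "untrusted comment: " line, then base64 of the tag "Ed", an 8-byte key number and a 32-byte Ed25519 key); the function names and the sample keys are constructed for illustration.

```python
import base64

PKALG = b"Ed"      # signify's algorithm tag for Ed25519
KEYNUM_LEN = 8     # key number, also recorded in every signature
PUBKEY_LEN = 32    # raw Ed25519 public key

def parse_pubkey(text):
    """Return (keynum, key) decoded from the text of a signify .pub file."""
    lines = text.strip().splitlines()
    if len(lines) != 2 or not lines[0].startswith("untrusted comment: "):
        raise ValueError("not a signify public key file")
    # binascii.Error from bad base64 is a ValueError subclass
    blob = base64.b64decode(lines[1], validate=True)
    if len(blob) != len(PKALG) + KEYNUM_LEN + PUBKEY_LEN or blob[:2] != PKALG:
        raise ValueError("unexpected key blob")
    return blob[2:2 + KEYNUM_LEN], blob[2 + KEYNUM_LEN:]

def compare_sources(copies):
    """copies maps a source label to the .pub file text fetched from it.

    Sources are grouped by decoded key material, so a differing comment
    line (which is not authenticated) is ignored while a single changed
    key byte is not. More than one group means the sources disagree.
    """
    groups = {}
    for source, text in copies.items():
        try:
            ident = parse_pubkey(text)
        except ValueError as exc:
            ident = ("unparseable", str(exc))
        groups.setdefault(ident, []).append(source)
    return sorted(sorted(names) for names in groups.values())

def constructed_pub(comment, keynum, key):
    """Build a constructed sample file; these are not real OpenBSD keys."""
    blob = base64.b64encode(PKALG + keynum + key).decode()
    return f"untrusted comment: {comment}\n{blob}\n"

if __name__ == "__main__":
    from_sets = constructed_pub("sample base key", b"\x01" * 8, b"\xaa" * 32)
    from_cvs = constructed_pub("copy from cvsweb", b"\x01" * 8, b"\xaa" * 32)
    altered = constructed_pub("sample base key", b"\x01" * 8, b"\xab" * 32)
    print(compare_sources({"sets": from_sets, "anoncvs": from_cvs}))
    print(compare_sources({"sets": from_sets, "mirror": altered}))
```

A single group in the result means every source served the same key; agreement between sources does not replace obtaining the initial key from somewhere you trust.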