From: "Andreas K. Huettel"
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Date: Mon, 28 Mar 2011 10:14:36 +0200
References: <201103261012.17119.dilfridge@gentoo.org>
Message-Id: <201103281014.45293.dilfridge@gentoo.org>

> > 3)
> 1. Generate said list L from the GPG fields in LDAP (w/ long-form keyids)
> 2. Clear-sign L, produces L'
> 3. Include L' in /metadata/ during rsync content build.
> 3.1. Provide all L' files in a trusted Git repository for historical reference.
> 4. Tree-sign per GLEP58, such that signed list is included.
>
> Pros:
> - L' is plaintext and works well w/ rsync deltas.
> Cons: Mainly that the key id is a pretty short hash afaik. (Any better-informed
> people around?)
> - Introduces new weak point if attacker can compromise the automated
> clear-signing service of #2.
>
> > 4) Rely on an existing list of keys somewhere distributed in portage and
> > possibly somewhere else (keyservers); a key userid is signed with a master
> > key. Work with GnuPG's well-tested and well-thought-out trust relationships.
> > Back to start, time to re-read the entire thread... :)
> What does this actually add over #3 in terms of security?

I don't know. I am basically worried that we are using a well-tested cryptosystem in a hackish way and cannot fully estimate the consequences. (Which is why I hoped someone more knowledgeable could comment. I may know approximately how to use gpg, and may have some basic knowledge of the maths behind it, but I have no clue of the data structures and software internals.)

I'd say, here the burden of proof is on you.
(i.e. that the signed list of long keyids is as secure as a list of signed keys)

-- 
Andreas K. Huettel
Gentoo Linux developer - kde, sci, arm, tex
dilfridge@gentoo.org
http://www.akhuettel.de/
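As an added example (not code from this thread or from Gentoo's infrastructure), the following Python derives an OpenPGP v4 fingerprint and its long (64-bit) and short (32-bit) key ids per RFC 4880 from a constructed toy RSA key packet, builds the list L of step 1 from constructed LDAP-like records, and looks a commit signer up by the full long id only, rejecting a list that carries short ids. The clear-signing of step 2 is done by gpg and is not shown; the key material and uids are constructed placeholders.

```python
import hashlib

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880, 3.2)."""
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public-key packet (RFC 4880, 5.5.2)."""
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)

def fingerprint(body: bytes) -> str:
    """RFC 4880, 12.2: SHA-1 over 0x99 || two-octet body length || body, as upper-case hex."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def long_keyid(fpr: str) -> str:
    return fpr[-16:]  # low-order 64 bits of the fingerprint: the "long-form keyid" of step 1

def short_keyid(fpr: str) -> str:
    return fpr[-8:]   # low-order 32 bits: the short id the thread is worried about

def build_list(records) -> str:
    """Step 1: one 'uid LONGKEYID' line per developer from (constructed) LDAP records."""
    return "".join(f"{uid} {long_keyid(fpr)}\n" for uid, fpr in records)

def signer_allowed(list_text: str, signer_fpr: str) -> bool:
    """Look a commit signer up in L by long key id. An entry that is not a full
    16-hex-digit long id (e.g. an 8-digit short id) makes the whole list invalid,
    so a short id is never suffix-matched against a fingerprint."""
    wanted = long_keyid(signer_fpr)
    for line in list_text.splitlines():
        uid, _, keyid = line.partition(" ")
        if len(keyid) != 16 or any(c not in "0123456789ABCDEF" for c in keyid):
            raise ValueError(f"malformed entry for {uid!r}: {keyid!r} is not a long key id")
        if keyid == wanted:
            return True
    return False

# Constructed toy keys: the moduli are far too small to be real RSA keys.
DEV_FPR = fingerprint(v4_rsa_public_key_body(1301300000, 0xC0FFEE1234567891, 65537))
OTHER_FPR = fingerprint(v4_rsa_public_key_body(1301300001, 0xDEADBEEF87654321, 65537))
L = build_list([("dev-one", DEV_FPR)])

if __name__ == "__main__":
    print(L, end="")
    print("short id:", short_keyid(DEV_FPR), " long id:", long_keyid(DEV_FPR))
```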