Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 29 Apr 2013 10:06:00 -0400
From: "Eric H. Christensen" <sparks@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>, Josh Bressers <bressers@...hat.com>
Subject: Re: upstream source code authenticity checking

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sat, Apr 27, 2013 at 03:01:58AM +0200, Alistair Crooks wrote:
> I don't know if you've ever done one of the key signing parties, where
> you get handed government id, and that is supposed to define someone's
> identity.  It tells age, name, and ability to keep a dead pan face in
> front of a camera.  It says nothing about how trust-worthy someone is,
> in the sense that I would compile/run software written by them. On top of
> all this is the problem of mutt updating your pubring with various
> people's public keys when you read an email from them (yes, it can be
> turned off).  However, given that I'm on some "unusual" (read
> "precious") mailing lists, that behavior can mean that someone can
> send out email to a list, and now their key appears on my pubring.  An
> attempt to verify a signature on something unrelated could mean that
> their pub key is used to verify something. 

I think you are confusing verifying someone's identity and work to verifying someone's ability to do work.

If I know that Kurt is an outstanding developer then I'll want to make sure that what I receive is what he sent me.  If I've already signed his key at a key signing party then I've already verified his identity (or really that the face I know is associated with the keys he uses) and can trust that the code he releases is from him.

Having many public keys on your keyring doesn't mean that you trust those keys.  Mutt does a good job letting you know if the signature is valid and whether or not you trust the key (again, those are separate things).  And there is no problem with using that public key that you received from an email to verify a signature on a tarball.  You are trying to establish that the tarball came from the person and hasn't been modified inroute.  You establish a trust of their code outside of a trust of their identity.

> > I a seriously confused that a lot of people seem to think unsigned
> > code is somehow ok, but if we sign the code we have to do it perfectly
> > to have any value. This simply isn't true. Right now unsigned code is
> > wide open, and detecting changes is expensive (you need a full copy to
> > compare against, and if you have a copy why would you care? =).
> > SIgning releases with PGP/GPG makes this problem a lot easier to
> > handle and even if it fails, by definition the attacker would have
> > been able to pull the attack off any ways.
> 
> No, not really.  My point was that people seem to think that, just
> because something is signed, it must be 100% good from the right
> person.  I will agree that most of the time this is the case -
> however, relying on this to be the case would be imprudent. There's
> also the unusual case where we get pub keys from a "third-party" HKP
> server, thereby rendering it more difficult for keys to be misused,
> and yet I've seen people saying that just distributing the pub key
> with the distribution is fine.  This is in a world where DNSsec is not
> yet fully deployed, and there are ways of working around certs. No, it's
> not likely, but it is possible.

And that's why these key signing parties are important (to an extent).  If someone starts sending mail from my email address with a PGP signature that says it's from my email address I'm hoping that people notice it's not my key that's signing them.  The only way that you can verify that is if we have met and we have signed each other's keys (or you can use the web-of-trust and blah blah blah).  Again, you have to look at the trust aspect here and understand what you are trusting.

- --Eric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQGcBAEBCgAGBQJRfn5FAAoJEB/kgVGp2CYvQBsMAJZ3mbCwVE5JNxIZY0sx7QHG
lhezTTxn2V4AvOCdVD70XqNyNMsZA2bulZ2VSueAZQmrPvDs7D8fX18Qs1FHHN0V
PdvNQyn10ljVZgWbFAMSojM+Rbvqx5f4TYGUljFiqR4GRjwhXmCERoFyrDCweZtP
Y6tXYUzV1EMAh9vOos1kx3T4YfQYgBWMfA0JUqa6UbPc/cFYRBwmLVdkytFaI5/w
dK1E5SivjGGXCQxJ4s1dqF4H2XvjA0n0nIp79GRNp4TSmZCldIL+rHEwOAcL/qja
7yDOSaGypMWmeJqy+pvhgwn1RjmFE89BzDyraqLlWerynL1XEhz3fIVlRVt45OT5
obf8P0ixYDNT+MkffAu5W7/T9YTKKBQwNrOqyIUXpyhg7VV9sbBCKhvf/VNyb/yh
8pPTTluUd1zfIph5Ex5/qlxzHtmWNpy/V+jl5fH2AeCqljdkNKFuvRxy7Z4S1oZT
L4rUXq6H+L2JSB5xRdt8ljxiDI8d2M3WiReiQ83isA==
=4coA
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.