Re: officially signed packages

[Jan Danielsson <jan.m.danielsson%gmail.com@localhost>]

On 07/04/14 23:46, Marc Espie wrote:
> On Mon, Apr 07, 2014 at 11:12:06PM +0200, Fredrik Pettai wrote:
>> On Apr 7, 2014, at 22:13 , Marc Espie <espie%nerim.net@localhost> wrote:
>>> That's the one reason why we went for pure keys in OpenBSD, without any
>>> kind of CA.
>>
>> [?]
> 
> Just that. We use pure ED25519 keys.  There is no chain of trust.
> 
> The keys are published as part of the base release.  Adding any chain
> of trust wouldn't make things more secure.

   Again under the assumption that the CA is carrying out their role
properly (not issuing certificates to builders which can't be trusted),
and that the end-user verifies sign certificates against the CA properly:

   What a trust chain does is to allow an end-user to stumble upon a
random site on the Internet which claims to be an trusted builder, get
their certificate, verify it against the trusted CA, and then know "Ok,
TNF trusted this builder enough to issue a certificate to them.", and if
the signatures verify, then the packages can be trusted.  (Not saying
that'll ever happen in practice -- it's just an illustration, and also
this argument applies to a OpenPGP web of trust as well).

   You're right -- it doesn't make the actual signature more secure (The
chain has no part in the file signature; the trust chain says something
completely different), but it's not like a trust chain doesn't add
anything at all.  Though I concede that _what it adds_ isn't necessarily
anything we need in pkgsrc.

> How much trust do you put in
> your toolchain prior to installing anything trustworthy ?

   In practical terms, you're probably right.

   In my field of work, we have to assume that the algorithms will
"soon" be broken, and need to be replaced (i.e. revocation lists are
used, root CA's only valid for three years, etc).  Which in turn means
we can't really have raw files; there needs to be a format to indicate
what type of keys to use, etc.

   Realistically, it looks like we can hang on to ECC for now, and just
to get some perspective; the time it will take to break these algorithms
is by far longer than it will take to tell everyone "Good news everyone,
our old scheme was broken, so we're ripping it out and replacing it with
a new. Don't check signatures with the old scheme from this point on.",
and have them upgrade to whatever algorithm will be used instead.


   Anywho -- I think I've exhausted what I can contribute to this
thread. I'm happy to see things moving on this front, because signed
packages does feel like it's long overdue; no matter the format.

-- 
Kind Regards,
Jan