[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypto signing of packages

>>"Ian" == Ian Jackson <ian@chiark.greenend.org.uk> writes:

Ian> Manoj Srivastava <srivasta@datasync.com>:

>> If we are going to act and issue key revocations about maintainer
>> keys, then we should recommend that maintainers generate a separate
>> key for package maintainence, and that key possibly be held in
>> escrow at the master key maintenance sites (It should need two out
>> of three sites to unlock the key database). The maintainer hols the
>> other copy of the secret key. The idea of holding the
>> package-maintainer key in escrow also allows us to deal with lost
>> keys.

Ian> We do not need key recovery, and an escrow database kept
Ian> centrally is a very bad idea from a security point of view.
Ian> You've been listening to the NSA too much :-).

	;-). (I am not, in retrospect, very happy with this cache of
 private keys either, but for some organizations this is a viable
 tradeoff between convenience and security [it is vital to have a
 private escrow mechanism in case encryption is involved; if I get
 run over by a truck, my employer should still have access to company
 documents encrypted by me]). Anyway, this might not work for us in

Ian> If a maintainer loses their key we can revoke our certification
Ian> of it.

	This is fine. I understood your earlier message as saying that
 we would issue key revocation certificates (as opposed revoking our
 certification of the key), which is not possible without having the
 private key it self.

	Assuming we will use pgp as our software package, _how_ does
 one revoke certification? We could remove a signature from the key,
 and maybe upload it to a trusted server, but that is only available
 to users the next time they contact the key server (or we need a new
 version of dpkg/package-with-keys, again, that would require an user

	If we use pgp as our security software, than revoking our
 certification (by uploading to a trusted keyserver) is not as final
 as a key revocation certificate. It may be possible for a rogue
 maintainer to overwrite our revocation with a fresh upload of the
 certified key if allowed access to the trusted keyserver. 

	Of course, we could be using a different base, which
 explicitly allows a key to revoke any of its signatures (which is
 what Ian proposed originally), in which case most of the above is
 moot --- does such a package exist? 

 Caesar had his Brutus--Charles the First, his Cromwell--and George
 the Third ("Treason!" cried the Speaker)--may profit by their
 example.  If this be treason, make the most of it.  -- Patrick Henry
Manoj Srivastava               <url:mailto:srivasta@acm.org>
Mobile, Alabama USA            <url:http://www.datasync.com/%7Esrivasta/>

Reply to: