Re: Crypto signing of packages
Hi,
>>"Ian" == Ian Jackson <ian@chiark.greenend.org.uk> writes:
Ian> Manoj Srivastava <srivasta@datasync.com>:
>> If we are going to act and issue key revocations about maintainer
>> keys, then we should recommend that maintainers generate a separate
>> key for package maintenance, and that key possibly be held in
>> escrow at the master key maintenance sites (It should need two out
>> of three sites to unlock the key database). The maintainer holds the
>> other copy of the secret key. The idea of holding the
>> package-maintainer key in escrow also allows us to deal with lost
>> keys.
Ian> We do not need key recovery, and an escrow database kept
Ian> centrally is a very bad idea from a security point of view.
Ian> You've been listening to the NSA too much :-).
;-). (I am not, in retrospect, very happy with this cache of
private keys either, but for some organizations this is a viable
tradeoff between convenience and security [it is vital to have a
private escrow mechanism in case encryption is involved; if I get
run over by a truck, my employer should still have access to company
documents encrypted by me]). Anyway, this might not work for us in
practice.
Ian> If a maintainer loses their key we can revoke our certification
Ian> of it.
This is fine. I understood your earlier message as saying that
we would issue key revocation certificates (as opposed to revoking our
certification of the key), which is not possible without having the
private key itself.
Assuming we will use pgp as our software package, _how_ does
one revoke certification? We could remove a signature from the key,
and maybe upload it to a trusted server, but that is only available
to users the next time they contact the key server (or we need a new
version of dpkg/package-with-keys, again, that would require a user
upgrade).
If we use pgp as our security software, then revoking our
certification (by uploading to a trusted keyserver) is not as final
as a key revocation certificate. It may be possible for a rogue
maintainer to overwrite our revocation with a fresh upload of the
certified key if allowed access to the trusted keyserver.
Of course, we could be using a different base, which
explicitly allows a key to revoke any of its signatures (which is
what Ian proposed originally), in which case most of the above is
moot --- does such a package exist?
manoj
--
Caesar had his Brutus--Charles the First, his Cromwell--and George
the Third ("Treason!" cried the Speaker)--may profit by their
example. If this be treason, make the most of it. -- Patrick Henry
Manoj Srivastava <url:mailto:srivasta@acm.org>
Mobile, Alabama USA <url:http://www.datasync.com/%7Esrivasta/>
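Added example, not part of the message above and not code from Debian, dpkg or PGP: a toy Go model of the three things the message keeps apart, namely a project's certification of a maintainer key, the project withdrawing that certification, and a key revocation certificate that only the holder of the private key can make. The signature classes are loosely modelled on the OpenPGP signature types 0x10 (certification), 0x20 (key revocation) and 0x30 (certification revocation, the "key revokes any of its own signatures" packet the message asks about, which RFC 4880 later standardised). Everything else is an assumption of this example: ed25519 stands in for PGP's key type, the packet layout is invented, and Trusted, Merge and Overwrite are hypothetical stand-ins for a verifier and for two possible keyserver upload policies, not the behaviour of any real keyserver. Scenario() walks the cases from the thread, including the rogue maintainer re-uploading the old certified copy.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signature classes, loosely modelled on OpenPGP types 0x10, 0x20 and 0x30.
const (
	SigCertify    byte = 0x10 // certifier vouches for the key
	SigKeyRevoke  byte = 0x20 // key revokes itself; needs its own private half
	SigCertRevoke byte = 0x30 // certifier withdraws its own earlier certification
)

// Sig is one signature packet; Cert is a public key with its attached packets.
type Sig struct {
	Type   byte
	Signer ed25519.PublicKey
	Value  []byte
}

type Cert struct {
	Pub  ed25519.PublicKey
	Sigs []Sig
}

// ed25519 stands in for PGP's key type here (an assumption of this example).
func NewKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}
func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// sigData binds type and subject, so a packet cannot be repurposed or moved to another key.
func sigData(t byte, subject ed25519.PublicKey) []byte { return append([]byte{t}, subject...) }
func Sign(signer ed25519.PrivateKey, t byte, subject ed25519.PublicKey) Sig {
	return Sig{Type: t, Signer: pub(signer), Value: ed25519.Sign(signer, sigData(t, subject))}
}

// Trusted: certifier's certification present and not withdrawn, key not self-revoked.
func Trusted(c Cert, certifier ed25519.PublicKey) bool {
	certified, certRevoked, keyRevoked := false, false, false
	for _, s := range c.Sigs {
		if !ed25519.Verify(s.Signer, sigData(s.Type, c.Pub), s.Value) {
			continue // forged or corrupt packet: ignored
		}
		switch s.Type {
		case SigCertify:
			certified = certified || bytes.Equal(s.Signer, certifier)
		case SigCertRevoke:
			certRevoked = certRevoked || bytes.Equal(s.Signer, certifier)
		case SigKeyRevoke: // only the key itself may revoke the key
			keyRevoked = keyRevoked || bytes.Equal(s.Signer, c.Pub)
		}
	}
	return certified && !certRevoked && !keyRevoked
}

// Merge: a keyserver unions packets, so a stored revocation survives re-uploads.
func Merge(server, upload Cert) Cert {
	out, seen := Cert{Pub: server.Pub}, map[string]bool{}
	for _, s := range append(append([]Sig(nil), server.Sigs...), upload.Sigs...) {
		if !seen[string(s.Value)] {
			seen[string(s.Value)] = true
			out.Sigs = append(out.Sigs, s)
		}
	}
	return out
}

// Overwrite is the failure mode the message worries about: last upload wins.
func Overwrite(_, upload Cert) Cert { return upload }
func withSig(c Cert, s Sig) Cert   { return Merge(c, Cert{Pub: c.Pub, Sigs: []Sig{s}}) }

// Scenario walks the cases discussed in the thread and returns each decision.
func Scenario() map[string]bool {
	project, maint := NewKey(), NewKey()
	old := Cert{Pub: pub(maint), Sigs: []Sig{Sign(project, SigCertify, pub(maint))}}
	server := withSig(old, Sign(project, SigCertRevoke, pub(maint)))
	return map[string]bool{
		"certified":                            Trusted(old, pub(project)),
		"key revocation forged by certifier":   Trusted(withSig(old, Sign(project, SigKeyRevoke, pub(maint))), pub(project)),
		"certification revoked":                Trusted(server, pub(project)),
		"rogue re-upload, merge":               Trusted(Merge(server, old), pub(project)),
		"rogue re-upload, overwrite":           Trusted(Overwrite(server, old), pub(project)),
		"key revoked by owner, then re-upload": Trusted(Merge(withSig(old, Sign(maint, SigKeyRevoke, pub(maint))), old), pub(project)),
	}
}

func main() {
	for k, v := range Scenario() {
		fmt.Printf("%-40s trusted=%v\n", k, v)
	}
}
```

Run it with go run. The "key revocation forged by certifier" case stays trusted because a 0x20 packet not signed by the key itself is ignored, which is the "not possible without having the private key itself" point; the two "rogue re-upload" cases are the difference between a keyserver that merges packets and one that overwrites, which is the only way the withdrawn certification can come back; and the owner's own key revocation is final under either policy once it has been merged in.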