
Re: Transparency into private keys of Debian



Bill Allombert <ballombe@debian.org> writes:

> On Thu, Feb 01, 2024 at 10:38:03AM +0100, Simon Josefsson wrote:
>> Hi
>> 
>> I'm exploring how to defend against an attacker who can create valid
>> signatures for cryptographic private keys (e.g., PGP) that users need to
>> trust when using an operating system such as Debian.  A signature like
>> that can be used in a targeted attack against one victim.
>> 
>> For example, apt does not have any protection against this threat
>> scenario, 
>
> Is apt-key not a protection?

No, the current implementation protects against missing and/or invalid
signatures.  Compare how in the WebPKI world some CA issued a valid
*.google.com certificate, and how that (and other incidents) led to
the setup of Certificate Transparency, which helps mitigate these issues.
It is possible to implement similar features for the relevant private
keys used to sign Debian too; Sigstore and Sigsum are two publicly
available projects.

/Simon
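As an added illustration (it is not part of this thread, and it is not Sigsum's or Sigstore's own code or wire format), the following Python sketches the mechanism the reply alludes to: the client keeps its existing signature check, but additionally accepts a signature only if it comes with an inclusion proof against an append-only Merkle log whose root the client trusts. A signature made with the genuine key but never submitted to the log has no proof and is refused, which is what turns a quiet, one-victim issuance into something a log monitor can see. The hashing follows RFC 6962 / RFC 9162 (0x00 leaf prefix, 0x01 node prefix); the `TransparencyLog` class, the record format and the `signature_valid` flag (standing in for the real PGP verification that apt already performs) are assumptions made for this example.

```python
import hashlib
from typing import List, Optional

# RFC 6962 / RFC 9162 hashing: leaves and inner nodes use different prefixes,
# so a leaf can never be presented as an inner node (second-preimage defence).
def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly smaller than n (requires n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def merkle_root(leaves: List[bytes]) -> bytes:
    """Merkle tree head over already-hashed leaves (MTH in RFC 6962)."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def inclusion_path(leaves: List[bytes], m: int) -> List[bytes]:
    """Audit path for leaf m (PATH in RFC 6962), sibling hashes leaf-to-root."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if m < k:
        return inclusion_path(leaves[:k], m) + [merkle_root(leaves[k:])]
    return inclusion_path(leaves[k:], m - k) + [merkle_root(leaves[:k])]

def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     path: List[bytes], root: bytes) -> bool:
    """Inclusion-proof check from RFC 9162, section 2.1.3.2.

    The verifier never sees the other leaves; it only needs the leaf hash,
    its index, the tree size, the sibling path and a trusted root."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf
    for p in path:
        if sn == 0:
            return False          # path longer than the tree allows
        if (fn & 1) or fn == sn:
            r = node_hash(p, r)   # sibling is on the left
            if not (fn & 1):
                while not (fn & 1) and fn != 0:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)   # sibling is on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root

class TransparencyLog:
    """Assumed minimal append-only log; a real log also signs its tree heads
    and serves consistency proofs so monitors can detect rollbacks."""
    def __init__(self) -> None:
        self._leaves: List[bytes] = []

    def append(self, record: bytes) -> int:
        self._leaves.append(leaf_hash(record))
        return len(self._leaves) - 1

    @property
    def size(self) -> int:
        return len(self._leaves)

    def root(self) -> bytes:
        return merkle_root(self._leaves)

    def prove(self, index: int) -> List[bytes]:
        return inclusion_path(self._leaves, index)

def accept_signature(sig_record: bytes, signature_valid: bool, index: int,
                     tree_size: int, path: Optional[List[bytes]],
                     trusted_root: bytes) -> bool:
    """Client policy: the signature must verify AND be provably logged.
    `signature_valid` is the result of the ordinary (e.g. PGP) check."""
    if not signature_valid or path is None:
        return False
    return verify_inclusion(leaf_hash(sig_record), index, tree_size, path,
                            trusted_root)

def demo():
    # Constructed records: "<signing key id>:<sha256 of the signed Release file>".
    log = TransparencyLog()
    records = [b"KEY-A:" + hashlib.sha256(b"Release-1").digest(),
               b"KEY-A:" + hashlib.sha256(b"Release-2").digest(),
               b"KEY-B:" + hashlib.sha256(b"Release-3").digest()]
    idx = [log.append(r) for r in records]
    root, size = log.root(), log.size  # what the client pins, e.g. via a cosigned tree head

    logged_ok = accept_signature(records[1], True, idx[1], size, log.prove(idx[1]), root)
    # A signature that verifies under KEY-A but was never logged: no proof exists.
    rogue = b"KEY-A:" + hashlib.sha256(b"Release-for-one-victim").digest()
    unlogged = accept_signature(rogue, True, 0, size, None, root)
    # Reusing someone else's proof does not help: the leaf hash will not match.
    borrowed = accept_signature(rogue, True, idx[1], size, log.prove(idx[1]), root)
    return logged_ok, unlogged, borrowed

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The policy function is where the threat in the thread is addressed: apt's current check answers "does this signature verify?", while `accept_signature` additionally demands "was this signature published where anyone can audit it?". Monitors watching the log can then alert on a signature over a Release file that the archive never actually published.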

Attachment: signature.asc
Description: PGP signature
