Hi Following up on Holger's idea to publicly log Sigsum checksums, below is a strawman on how to extend the InRelease and Release.gpg files to embed Sigsum proofs and/or Sigstore cosign signatures. While this information can be distributed separately from these files, it doesn't hurt to think about how in-band signatures could work. After the PGP signature in InRelease and Release.gpg, you could include additional sections. For Sigstore cosign: -----BEGIN SIGSTORE COSIGN----- MEUCIQDz6ggeNw3FXj6TRZajQYUaVce6Wbw5++Pl+fLuwChejwIgJ0ZUbS+Gtyd/PTlLu5Yw7mI7EJtFbmGJ2ucKTjeEA+M= -----END SIGSTORE COSIGN----- For Sigsum proofs: -----BEGIN SIGSUM PROOF----- version=1 log=5955bfe2150ee2e667c4e418228f9ee89835d6990248aad9b39c0e2120c1b022 leaf=7244 4f313845ab7b7bc4592e437869e838fcccef45b402bd970f8aa2628ec17ef5cf e1f43026d9bf03ee21bb87db59f34593ec8c5f5a32abbbdeab23c24083f6078f5cc731e2a44ac66ac251640e850d69a94b1810012ca062b760a9cdf477e68a0a size=21 root_hash=40574f3463b822fddaeed6cd6fd286b2c1229eb6059e27f127488b9625e299b7 signature=d9c19494a30c20c390967d8c8de452876a82559a26ee159d18d35081b701b610b6fb614ccb59644ba01e70bacd3a5ae6dad420235a30d7f5119857d68306fb02 cosignature=70b861a010f25030de6ff6a5267e0b951e70c04b20ba4a3ce41e7fba7b9b7dfc 1705693592 e51006f8f8d5415add21d24c4f5f2e1f6231030c70ba7a78f69aebaf2162c16627dbd6c461f8b71351281475d1ffc4cd8ff110df62cdc349a99faf0558de3705 leaf_index=20 node_hash=ee51a73cedb8d27e4b50359dad5be1f76f667134fef55b9d80c63fb80bbdb95e node_hash=7b7f715c37c43a50164f585ba31c111e409074cc8a8dc8f51415587efff3dc57 -----END SIGSUM PROOF----- The parser needs to understand each format, and pass it to the respectively verifier somehow, and it has to ignore unknown data. /Simon Simon Josefsson <simon@josefsson.org> writes: >> 21 jan. 2024 kl. 20:09 skrev Holger Levsen <holger@layer-acht.org>: >> >> Hi Simon, >> >>> On Fri, Jan 19, 2024 at 05:32:05PM +0100, Simon Josefsson wrote: >>> * URL : https://git.glasklar.is/sigsum/core/sigsum-go >>> Description : tools for public and transparent logging of signed checksums >>> >>> The goal of Sigsum is to provide building blocks that can be used to >>> enforce public logging of signed checksums. >> >> do you think this would be a suitable tool to publically log all checksums of >> all Debian source and binary packages published? > > Yes that would be nice. However I think we want multiple additional > verification methods. The simplest augmentation would be to confirm > that already existing signatures are recorded publicly via rekor. That > doesn’t require any tooling or new private keys during signing, and > help mitigate attackers ability to deny their actions. Cosign and > sigsum are two next low hanging fruit but demand private key > considerations. While publishers of packages (such as Trisquel or > Debian) can be responsible for this, from the point of view of the > consumer of packages, it would add more strength if a couple of > external independent organizations vouch for the packages. I run one > via the gitlab debdistutils project, but mirroring the ideas elsewhere > would help. One key point is that any publishers packages’ aren’t > trustworthy if they cannot be rebuilt from source and validated by a > third party, and that third party should sign claims of what levels of > verification were made, and users can pick a couple of entities to > vouch for packages they install. Could the reproducible build project > sign the packages you build and publish those signatures? I suggest > using all three of GnuPG, sigsum-submit and cosign. > > /Simin > >> >> >> -- >> cheers, >> Holger >> >> ⢀⣴⠾⠻⢶⣦⠀ >> ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org >> ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C >> ⠈⠳⣄ >> >> Life may not be the party we hoped for, but while we're here we might as well >> dance!
Attachment:
signature.asc
Description: PGP signature