Hans-Christoph Steiner writes:
>> In business, such things are confirmed (often badly) by independent
>> audit. For a volunteer-driven community effort, we have to rely on
>> everyone to exercise their best judgement in these sorts of matters.
>
> Debian could also get independent, professional a
On 2024-02-08 23:44:21 +0100 (+0100), Hans-Christoph Steiner wrote:
> > In business, such things are confirmed (often badly) by independent
> > audit. For a volunteer-driven community effort, we have to rely on
> > everyone to exercise their best judgement in these sorts of matters.
>
> Debian cou
> In business, such things are confirmed (often badly) by independent
> audit. For a volunteer-driven community effort, we have to rely on
> everyone to exercise their best judgement in these sorts of matters.
Debian could also get independent, professional audits. I think it would be a
good
On 2/1/24 10:38, Simon Josefsson wrote:
Hi
I'm exploring how to defend against an attacker who can create valid
signatures for cryptographic private keys (e.g., PGP) that users need to
trust when using an operating system such as Debian. A signature like
that can be used in a targeted attacks
> > I've looked at Sigstore, it looks nice. It seems to be architected for use
> > cases that assume highly reliable and unblocked single domains. That's a
> > showstopper for us. Also, the official client app is 100% JVM code right now
> > (Java+Kotlin), so integrating Go binarie
Tue 2024-02-06 at 16:50 +0100, Hans-Christoph Steiner wrote:
>
>
> Simon Josefsson:
> > Hans-Christoph Steiner writes:
> >
> > > Thanks for digging in here, it's very important work! I'd be happy to
> > > contribute where I can. I'm a DD and a core contributor to F-Droid,
> >
On 2024-02-06 14:35:34 +0800 (+0800), Simon khng wrote:
[...]
> 3) Use 'password enabled key store' to prevent unauthorized access to
> digital keys.
> 4) Use 'password enabled signing' to prevent unauthorized usage of digital
> keys.
> The use of number 3 and 4 are the steps for developers to uplo
Simon Josefsson:
Hans-Christoph Steiner writes:
Thanks for digging in here, it's very important work! I'd be happy to
contribute where I can. I'm a DD and a core contributor to F-Droid,
where we wrestle with basically the same issues. So we've thought a
lot about these kinds of things, bu
Hello there,
I have read a little on this discussion and feel like sharing my thoughts.
I think the current lacking procedures are number 3 and 4 from my summarization
based on the current standards adopted for PKI:
1) Chain of trust from developer, [intermediaries,] to root CA.
2) Ensure multiple
On 2024-02-05 08:58, Simon Josefsson wrote:
What would be involved is to 1) during signing of artifacts, also sign
and upload into Sigstore/Sigsum, and 2) during verification in the
f-droid app, also verify that the signature has been committed to the
Sigstore/Sigsum logs. Both projects have cli
Your work is valuable. Many of the things have probably evolved over
time and could use some analysis based on modern cryptography and
security practices. I just wanted to point out that there are subtle
but important differences outside of the key and signature formats.
The most important distinc
Stephan Verbücheln writes:
> II. Typical Debian case
>
> 1. Debian developer signs source tarballs and uploads them
> 2. The signature only has to be secure until the code lands in the FTP
> 3. Debian builds the binary packages
> 4. Debian creates Release files with hashes of the packages
> 5. The
Code signing is not equal to code signing. There are a lot of
differences between different code-signing strategies, many of which
are often overlooked.
Example:
I. Typical Windows case
1. Third-party developer gets a key from a CA.
2. Third-party developer signs a program binary.
3. The user ob
Bill Allombert writes:
> On Mon, Feb 05, 2024 at 08:49:09AM +0100, Simon Josefsson wrote:
>> Bill Allombert writes:
>>
>> > On Thu, Feb 01, 2024 at 10:38:03AM +0100, Simon Josefsson wrote:
>> >> Hi
>> >>
>> >> I'm exploring how to defend against an attacker who can create valid
>> >> signat
On Mon, Feb 05, 2024 at 08:49:09AM +0100, Simon Josefsson wrote:
> Bill Allombert writes:
>
> > On Thu, Feb 01, 2024 at 10:38:03AM +0100, Simon Josefsson wrote:
> >> Hi
> >>
> >> I'm exploring how to defend against an attacker who can create valid
> >> signatures for cryptographic private key
Hans-Christoph Steiner writes:
> Thanks for digging in here, it's very important work! I'd be happy to
> contribute where I can. I'm a DD and a core contributor to F-Droid,
> where we wrestle with basically the same issues. So we've thought a
> lot about these kinds of things, but definitely do
Bill Allombert writes:
> On Thu, Feb 01, 2024 at 10:38:03AM +0100, Simon Josefsson wrote:
>> Hi
>>
>> I'm exploring how to defend against an attacker who can create valid
>> signatures for cryptographic private keys (e.g., PGP) that users need to
>> trust when using an operating system such a
On Thu, Feb 01, 2024 at 10:38:03AM +0100, Simon Josefsson wrote:
> Hi
>
> I'm exploring how to defend against an attacker who can create valid
> signatures for cryptographic private keys (e.g., PGP) that users need to
> trust when using an operating system such as Debian. A signature like
> th
Thanks for digging in here, it's very important work! I'd be happy to contribute
where I can. I'm a DD and a core contributor to F-Droid, where we wrestle with
basically the same issues. So we've thought a lot about these kinds of things,
but definitely do not have all the answers. Since F
19 matches