Time to resurrect multi-key signatures in RPM?

Bojan Smojver bojan at rexursive.com
Tue Aug 26 23:41:12 UTC 2008


Seth Vidal <skvidal <at> fedoraproject.org> writes:

> I think it will complicate things a lot for users to verify

Users wouldn't actually have to verify anything by hand. The idea was that yum
does that for them. I don't see how that would be any more complicated then now.

Say there are 10 signatories in the pool. Yum would check that:

- the package is signed with the Fedora key
- the package is signed by at least N (say 2) other keys from the pool
- failing the above, it would not accept the package

N could even be configurable in yum for smooth transition from the single key
scenario.

> and it's not
> obvious how much we'll gain in terms of security.

It is similar to what a reporter does to confirm a story. One source, not so
reliable. Two sources, more reliable. Many sources, most likely reliable.

In terms of attacks, right now if somebody gets a hold of the password of the
Fedora key, it's game over. Ditto if someone compromises the build system to
start producing bad binaries.

With the multi-key, multi-build system, an attacker would need to get his hands
on a lot of private key passwords, break multiple independent build systems etc.

I always think of flight attendants and how they are told by the captain to
secure the doors and cross-check. I'm sure there must be a good reason for that
cross-check :-)

--
Bojan




More information about the fedora-devel-list mailing list