TUF, Warehouse, Pip, PyPA, ld-signatures, ed25519

"PEP 458 -- Surviving a Compromise of PyPI" https://www.python.org/dev/peps/pep-0458/
"PEP 480 -- Surviving a Compromise of PyPI: The Maximum Security Model" https://www.python.org/dev/peps/pep-0480/
I need to spend time reviewing these PEPs. Backseat driving here; sorry:
Are there pypa/warehouse github issues for implementing the TUF trust root support in warehouse; and client support in pip (or a module that pip and other tools can use)?
Warehouse is already a SPOF. That's a hefty responsibility that contributions should support.
Would [offline] package mirrors and the CDN still work for/with TUF keys?
ld-signatures has some normative language that could be useful.
ld-signatures uses URIs for signature suites (a canonicalization algorithm, a message digest algorithm, and a signature algorithm) and JSON-LD. That should be pretty future-proof with regard to the NIST post-quantum algorithms call that's under review at this time.
Blockcerts builds upon ld-signatures.
There's a compact form of JSONLD. JSON[LD] can also be serialized as BSON (and RDFHDT).
"Linked Data Signatures 1.0" (draft) https://w3c-dvcg.github.io/ld-signatures/
"Ed25519 Signature 2018" (draft) https://w3c-dvcg.github.io/lds-ed25519-2018/
- canonicalizationAlgorithm: https://w3id.org/security#URDNA2015
- digestAlgorithm: http://w3id.org/digests#sha512
- signatureAlgorithm: http://w3id.org/security#ed25519
https://theupdateframework.github.io/
https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#...
On Thursday, March 22, 2018, Trishank Kuppusamy <trishank.kuppusamy@datadoghq.com> wrote:
> Hi Wes,
> On Thu, Mar 22, 2018 at 4:40 PM, Wes Turner <wes.turner@gmail.com> wrote:
>> The hashes serve as a file integrity check but provide no assurance that they are what the author intended to distribute because there is no cryptographic signature.
>> File hashes help detect bit flips -- due to solar flares -- in storage or transit, but do not mitigate against malicious modification of packages in storage or transit.
>> AFAIU, TUF (The Update Framework) has a mechanism for limiting which signing keys are valid for which package? Are pre-shared keys then still necessary, or do we then rely on a PKI where one compromised CA cert can then forge any other cert?
> Yes, you are right, the hashes need to be signed: otherwise you have integrity, but no authenticity.
> We wrote PEPs 458 (https://www.python.org/dev/peps/pep-0458/) and 480 (https://www.python.org/dev/peps/pep-0480/) to discuss how TUF might be deployed on PyPI / Warehouse. The PEPs go into detail about public key distribution. The TL;DR is that clients (i.e., pip) need to be shipped with one self-signed root metadata file, and the rest of the PKI is bootstrapped from there. PyPI would act as an authority that distributes, revokes, and replaces public keys for packages.
> More details on security vs. usability are also available in our Diplomat paper: https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy
> If the community is interested, we'd love to discuss how we could help make this happen.
> Thanks, Trishank

> Warehouse is already a SPOF. That's a hefty responsibility that contributions should support.
Warehouse doesn't need to be a SPOF. A compromise of the Warehouse server (and all keys on it) need not allow an attacker to compromise many users. The details are in the Diplomat paper (https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy), but the gist is that you can have some rarely used, offline keys that are stored by folks like Donald, etc., and a quorum of those trusted users would need to be malicious to cause substantial harm to users.
However, you can have whatever trust / key distribution / storage model makes sense. TUF doesn't force you to use some pre-ordained model. It has flexibility to support a variety of workflows, including many with good security properties.
> Would [offline] package mirrors and the CDN still work for/with TUF keys?
Yes, this works just fine. CDNs / mirrors do not change in any way.
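An added example, not code from this thread, from the PEPs, or from the TUF reference implementation: a minimal client-side check in the shape Trishank and Justin describe (a pinned root, a threshold of offline root keys, an online targets key delegated by root, and a package hash that only counts once the metadata carrying it is signed). It uses the third-party `cryptography` package for Ed25519; the metadata layout, key ids ("root0", "t") and package bytes are constructed for illustration.

```python
import hashlib, json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
def canonical(obj):  # deterministic bytes, so signer and verifier hash the same thing
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
def pub_hex(priv):  # raw 32-byte Ed25519 public key as hex, the form carried in metadata
    return priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw).hex()
def sign_all(obj, signers):  # signers: {keyid: private key} -> {keyid: signature hex}
    return {kid: priv.sign(canonical(obj)).hex() for kid, priv in signers.items()}
def verifies(pub, sig, obj):
    try:
        Ed25519PublicKey.from_public_bytes(bytes.fromhex(pub)).verify(bytes.fromhex(sig), canonical(obj))
        return True
    except InvalidSignature:
        return False
def valid_count(obj, sigs, pubkeys):  # distinct trusted keys with a valid signature over obj
    return sum(verifies(pubkeys[k], s, obj) for k, s in sigs.items() if k in pubkeys)

def verify_download(pinned, root, root_sigs, targets, targets_sigs, name, blob):
    # Client-side check. `pinned` is the trust store shipped with the client (the self-signed
    # root of PEP 458); root metadata, targets metadata and the file come from the repository.
    if valid_count(root, root_sigs, pinned["keys"]) < pinned["threshold"]:
        return "root metadata lacks a quorum of offline root keys"
    delegated = {k: root["keys"][k] for k in root["targets_keyids"]}  # trust flows from root
    if valid_count(targets, targets_sigs, delegated) < 1:
        return "targets metadata not signed by the delegated key"
    if hashlib.sha256(blob).hexdigest() != targets["hashes"].get(name):
        return "file hash mismatch"  # a signed hash gives authenticity; a bare hash only integrity
    return None

def scenario():  # verdicts for: honest repository, swapped file+hash, forged root (constructed)
    root_keys = {f"root{i}": Ed25519PrivateKey.generate() for i in range(3)}  # kept offline
    online = Ed25519PrivateKey.generate()  # the targets key that would live on Warehouse
    pinned = {"keys": {k: pub_hex(p) for k, p in root_keys.items()}, "threshold": 2}
    root = {"keys": {"t": pub_hex(online)}, "targets_keyids": ["t"]}
    root_sigs = sign_all(root, {k: root_keys[k] for k in ("root0", "root1")})  # 2-of-3 quorum
    blob, evil = b"constructed wheel bytes", b"constructed trojaned bytes"
    targets = {"hashes": {"pkg.whl": hashlib.sha256(blob).hexdigest()}}
    forged = {"hashes": {"pkg.whl": hashlib.sha256(evil).hexdigest()}}
    t_sigs = sign_all(targets, {"t": online})
    honest = verify_download(pinned, root, root_sigs, targets, t_sigs, "pkg.whl", blob)
    # A mirror swaps file and hash together: the hash still matches, the signature does not.
    swapped = verify_download(pinned, root, root_sigs, forged, t_sigs, "pkg.whl", evil)
    # One stolen root key re-points root at an attacker's key: still below the quorum.
    atk = Ed25519PrivateKey.generate()
    bad_root = {"keys": {"t": pub_hex(atk)}, "targets_keyids": ["t"]}
    forged_root = verify_download(pinned, bad_root, sign_all(bad_root, {"root0": root_keys["root0"]}),
                                  forged, sign_all(forged, {"t": atk}), "pkg.whl", evil)
    return honest, swapped, forged_root
```

Because the CDN or mirror only serves the bytes of the metadata and files, none of the checks above depend on where the download came from.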

On Thu, Mar 22, 2018 at 6:15 PM, Justin Cappos <jcappos@nyu.edu> wrote:
>> Warehouse is already a SPOF. That's a hefty responsibility that contributions should support.
> Warehouse doesn't need to be a SPOF. A compromise of the Warehouse server (and all keys on it) need not allow an attacker to compromise many users. The details are in the Diplomat paper (https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy), but the gist is that you can have some rarely used, offline keys that are stored by folks like Donald, etc., and a quorum of those trusted users would need to be malicious to cause substantial harm to users.
> However, you can have whatever trust / key distribution / storage model makes sense. TUF doesn't force you to use some pre-ordained model. It has flexibility to support a variety of workflows, including many with good security properties.
>> Would [offline] package mirrors and the CDN still work for/with TUF keys?
> Yes, this works just fine. CDNs / mirrors do not change in any way.
+1
(I'm logging off work for today, but happy to discuss more tomorrow)
Participants (3): Justin Cappos, Trishank Kuppusamy, Wes Turner