TUF, Warehouse, Pip, PyPA, ld-signatures, ed25519
TUF, Warehouse, Pip, PyPA, ld-signatures, ed "PEP 480 -- Surviving a Compromise of PyPI" https://www.python.org/dev/peps/pep-0458/ "PEP 480 -- Surviving a Compromise of PyPI: The Maximum Security Model" https://www.python.org/dev/peps/pep-0480/ I need to spend time reviewing these PEPs. Backseat driving here; sorry: Are there pypa/warehouse github issues for implementing the TUF trust root support in warehouse; and client support in pip (or a module that pip and other tools can use)? Warehouse is already a SPOF. That's a hefty responsibility that contributions should support. Would [offline] package mirrors and the CDN still work for/with TUF keys? ld-signatures has some normative language that could be useful. ld-signatures uses URIs for signature suites (a canonicalization algorithm, a message digest algorithm, and a signature algorithm) and JSONLD. That should be pretty future proof in regards to the NIST post-quantum algorithms call that's under review at this time. Blockcerts builds upon ld-signatures. There's a compact form of JSONLD. JSON[LD] can also be serialized as BSON (and RDFHDT). "Linked Data Signatures 1.0" (draft) https://w3c-dvcg.github.io/ld-signatures/ "Ed25519 Signature 2018" (draft) https://w3c-dvcg.github.io/lds-ed25519-2018/ - canonicalizationAlgorithm: https://w3id.org/security#URDNA2015 - digestAlgorithm: http://w3id.org/digests#sha512 - signatureAlgorithm: http://w3id.org/security#ed25519 https://theupdateframework.github.io/ https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#... On Thursday, March 22, 2018, Trishank Kuppusamy < trishank.kuppusamy@datadoghq.com> wrote:
Hi Wes,
On Thu, Mar 22, 2018 at 4:40 PM, Wes Turner
wrote: The hashes serve as file integrity check but provide no assurance that they are what the author intended to distribute because there is no cryptographic signature.
File hashes help detect bit flips -- due to solar flares -- in storage or transit, but do not mitigate against malicious package modification to packages in storage or transit.
AFAIU, TUF (The Update Framework) has a mechanism for limiting which signing keys are valid for which package? Are pre-shared keys then still necessary, or do we then rely on a PKI where one compromised CA cert can then forge any other cert?
Yes, you are right, the hashes need to be signed: otherwise you have integrity, but no authenticity.
We wrote PEPs 458 https://www.python.org/dev/peps/pep-0458/ and 480 https://www.python.org/dev/peps/pep-0480/ to discuss how TUF might be deployed on PyPI / Warehouse. The PEPs go into details about public key distribution. The TLDR is that is that clients (i.e., pip) need to be shipped with one self-signed root metadata file, and the rest of the PKI is bootstrapped from there. PyPI would act as an authority that distributes, revokes, and replaces public keys for packages.
More details on security vs usability also available in our Diplomat https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kup... paper.
If the community is interested, we'd love to discuss how we could help make this happen.
Thanks, Trishank
participants (3)
-
Justin Cappos
-
Trishank Kuppusamy
-
Wes Turner