[Pythonmac-SIG] Package Manager idea, adding a URL scheme
Bob Ippolito
bob at redivi.com
Fri Oct 3 19:19:43 EDT 2003

On Friday, Oct 3, 2003, at 18:43 America/New_York, Jack Jansen wrote:
>
> On 3-okt-03, at 17:48, Bob Ippolito wrote:
>
>>> On its own, no. But combined with another algorithm that allows a
>>> trusted source to
>>> advertise (in a secure way) the md5sums of all relevant documents
>>> s/he ever created
>>> it does. If you really want I could write it down in
>>> Needham-Burrows-Abadi formalism
>>> (or whatever the people involved were again).
>>>
>>> Or, to elaborate on the steps again (taking you as an example):
>>>
>>> 1. You change your pimp database.
>>> 2. You take the md5sum of it, let's say it's 12345 (but with many
>>> more digits:-)
>>> 3. You create a secure document
>>> https://undefined.org/pimp/integrity.html
>>> saying "I, Bob Ippolito, created this packman database. Use at
>>> your own risk".
>
> AAAARGH! Here I made a crucial mistake: the URL is specific to this
> instance of your
> database, in other words, it is
> <https://undefined.org/pimp/integrity/12345.html>.
>
>>> 4. You don't ever delete this file, even when updating the database.
>>> 5. You now upload the database to
>>> <http://undefined.org/pimp/pimp-macosx-whatever.plist>.
>>> 6. My mum downloads your database through packman, and presses the
>>> "integrity check"
>>> button.
>>> 6. She is presented with a dialog
>>> You can now use your internet browser to test that this database was
>>> actually created by %s. Check that the padlock is closed (if it is
>>> open there is a very good chance that this is a forged database). If
>>> you get a message about an untrusted certificate this is also a sign
>>> of a forgery. Finally check that the URL starts with https: and
>>> points
>>> to the website of %s.
>>>
>>> Note that all these checks only mean that this database has not
>>> been tampered
>>> with since it was created. Whether you trust %s remains wholly up
>>> to you.
>>
>> 1. You orchestrate some sort of man in the middle attack.
>> 2. You take the existing integrity.html document
>> 3. You create a new evil packman plist file
>> 4. You add the md5sum of your evil packman plist file and append it
>> to integrity.html
>> 5. You upload the database and integrity.html to your evil man in
>> the middle server
>>
>> The padlock thing helps some, but it only works for people with
>> trusted SSL certificates, which are typically not cheap, and I
>> wouldn't expect everyone maintaining a distribution to have one.
>
> Having a trusted SSL certificate is tantamount to the whole idea!
> Untrusted
> SSL certificates are as good as locking your door and leaving the key
> under a stone beside it....
>
> But note that not everyone maintaining a pimp database would need one,
> it would just mean a little more work. If I had an SSL key, and you and
> I could communicate securely (let's say PGP-based) you would put a URL
> of the form <http://www.cwi.nl/~jack/pimp/integrity/%s.html> in your
> database, send me the md5 sum whenever you change it, and I would
> create
> the 12345.html file with the contents "I, Jack Jansen, am convinced Bob
> Ippolito created this database".

I personally think this method is problematic as a sole source of trust
because it makes it harder for a PackMan database to get updated.
Unless of course scapegoat A and scapegoat B have an automated
cryptographic method to exchange "integrity tokens". I much prefer the
"I, Bob Ippolito, trust that Jack Jansen's public key is ....." method,
but it could also say "... and his most recent database has a sha-1
hash of: " which would accommodate both of us. The third party
integrity check is still a useful method to have because

(a) In the case of a compromise, it provides a process for a key to be
revoked (if enough people say "I, Some Trusted Person, no longer trust
that Bob Ippolito's public key is ...")

(b) it sort of skirts around the crypto import dependency for the
unfortunate who are in countries that restrict its use. Assuming these
people are allowed to use hashing algorithms :)

I really like the public key idea and I think that we can implement it
for most Python users hassle free, but I'm now convinced that we should
also have Jack's third party hashes.

-bob
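
The per-database integrity URL discussed in this thread, as an added example that is not part of the original message or of PackMan's code: it derives the hash-specific URL from a template stored in the database and refuses it unless it is https and points at a host the user already trusts. Assumptions: the names `integrity_url`, `IntegrityError` and `trusted_hosts` are hypothetical, the sample database bytes and `mitm.example` are constructed, and SHA-256 stands in for the md5/sha-1 sums mentioned in the thread.

```python
import hashlib
from urllib.parse import urlsplit


class IntegrityError(Exception):
    """The database's integrity URL must not be shown to the user."""


def integrity_url(database, template, trusted_hosts):
    """Return the attestation URL for exactly these database bytes.

    `template` is read from the downloaded database, so it is attacker
    controlled until proven otherwise; `trusted_hosts` must come from the
    user's own configuration, never from the database.
    """
    if template.count("%s") != 1:
        raise IntegrityError("template needs exactly one %s placeholder")
    # Assumption: SHA-256 in place of the thread's md5/sha-1.
    digest = hashlib.sha256(database).hexdigest()
    url = template.replace("%s", digest)
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise IntegrityError("integrity URL is not https: " + url)
    # hostname ignores any user@ prefix, so "https://www.cwi.nl@evil/..." fails.
    if parts.hostname not in trusted_hosts:
        raise IntegrityError("host %r is not one the user trusts" % parts.hostname)
    return url


if __name__ == "__main__":
    db = b"<plist><!-- constructed sample database --></plist>"
    hosts = {"www.cwi.nl"}
    for tpl in ("https://www.cwi.nl/~jack/pimp/integrity/%s.html",
                "http://www.cwi.nl/~jack/pimp/integrity/%s.html",
                "https://www.cwi.nl@mitm.example/integrity/%s.html"):
        try:
            print("open in browser:", integrity_url(db, tpl, hosts))
        except IntegrityError as exc:
            print("refused:", exc)
```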