Crypographically Strong Software Distribution HOWTO

[Ben Laurie]

"V. Alex Brennen" wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I've written a HOWTO on the cryptographically strong distribution
> of computer software.  Any constructive criticism would be
> appreciated. I hope to standardize the use of this model in
> the GNU/Linux free software community.
> 
> You can find the HOWTO here:
> 
> http://www.cryptnet.net/fdp/crypto/strong_distro.html

What this does not address is the common situation where the
distribution gets signed by a different person each time (example:
Apache). I've put some pretty serious thought into this problem and come
to a few conclusions.

The obvious answer is "use a role key". This doesn't work - how does one
control who gets it? How is it distributed? What happens when a
developer leaves the group (the role key has to be revoked and we start
all over again?)? You have to build a whole organisation around the key,
which is unlikely to happen at all, let alone be secure.

So, you pretty clearly have to do something that allows multiple keys to
be used. It seems to me that the way to do this is to have tools that
manage a set of keys which may change over time. The keys sign each
other (the signatures would have to be tagged as signatures that allow a
particular software distribution to be signed) and the user trusts the
_set_ of keys, using the tools to check how keys get added and removed,
ensuring that appropriate signatures are on new keys, and that
revocations of old keys/signatures are checked.

Organisations like the Apache Software Foundation can also have
cross-checking between sets of keys to reduce the pain of building
initial trust in a set of keys for a new piece of software from that
organisation.

This idea can be extended between groups of software developers, of
course.

The key point, IMO, is that this has to be largely automated. To that
end, I've been working on tools that deal with all the low-level
ickiness, automatically check for updates, do the downloads and check
signatures, reduce all the info to a level where a user can actually
digest it in a reasonable amount of time, and so on.

It is a non-trivial task, so if anyone wants to help with it, please let
me know!

Cheers,

Ben.


--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com