Crypographically Strong Software Distribution HOWTO
Greg Broiles
gbroiles at well.com
Tue Jul 3 16:15:38 EDT 2001
At 02:13 PM 7/3/2001 -0400, V. Alex Brennen wrote:
>In the case of such a large project, perhaps you could issue
>a separate role key pair to each developer and generate
>revocation certificates which are held by the core group for
>those keys. When a developer leaves the group, the revocation
>certificate for his key would be circulated.
Because current systems don't, to my knowledge, allow the creators of
revocations to specify the reason(s) for revocation, I wonder if it would
be better to rely on short-lived keys or certs which are renewed frequently
during a person's membership or association with a group.
Specifically, a revocation which does not distinguish between "stopped
working on the project because very busy at new job" and "left laptop with
private key on public transit" or "discovered installed rootkit on machine
storing unencrypted private key" does not help people decide whether they
can reasonably install old(er) distributions of a software package. If the
package was signed by a person who is no longer participating as a
builder/distributor, their key should not be current - but that doesn't
mean that everything which has been signed with their key should be
considered untrusted, as it would be in the case of a key compromise.
In particular, consider the example of a person who's the last within a
group to maintain a port/build/distribution on a hard-to-find platform, who
then leaves the group - it may be difficult to find someone else to replace
them, so new builds may not be available - but software which was once
considered working and "official" shouldn't lose that status because of the
change in group membership.
Certainly, in the best of all possible worlds, everyone who installs
software would have access to online CRL and CA resources, and we wouldn't
need to think about whether or not a particular snapshot of reality is
misleading in an especially optimistic or pessimistic way - but I believe
we should not design (only) for that world.
In the absence of semantic information about revocations, I think that
expiration is a more appropriate model where no compromise is reasonably
suspected, and that revocation is a more appropriate model where compromise
is suspected or asserted.
--
Greg Broiles
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list