[Cryptography] Blockchained code signing.
Hanno Böck
hanno at hboeck.de
Sun May 7 17:45:50 EDT 2017
On Sun, 7 May 2017 10:35:44 -0400
Phillip Hallam-Baker <phill at hallambaker.com> wrote:
> Here is how: You use Certificate Transparency.
>
> Only instead of enrolling certificates, you enroll signatures on code
> releases. And you establish an update process that ensures that code
> updates will only be retrieved if the signature is properly enrolled.
This idea has already been discussed under the term "binary
transparency", although not a whole lot has happened implementing it,
but mozilla made some experiments:
https://wiki.mozilla.org/Security/Binary_Transparency
However I'm not really happy with this limited form of transparency.
Ideally I'd like not only to sign and log the software binary, but also
the corresponding source and a build instruction how the source became
the binary.
Wanted to write down some thoughts on that for a while...
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
More information about the cryptography
mailing list