From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms9.migadu.com with LMTPS
	id qLXCB78KJGShtwAASxT56A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 29 Mar 2023 11:54:07 +0200
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id eAGOB78KJGQ2XwAAauVa8A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 29 Mar 2023 11:54:07 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id CF4B31F07E
	for <larch@yhetil.org>; Wed, 29 Mar 2023 11:54:06 +0200 (CEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces@gnu.org>)
	id 1phSUl-0005iG-Dq; Wed, 29 Mar 2023 05:53:31 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pukkamustard@posteo.net>)
 id 1phSUk-0005i0-IX
 for guix-devel@gnu.org; Wed, 29 Mar 2023 05:53:30 -0400
Received: from mout01.posteo.de ([185.67.36.65])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pukkamustard@posteo.net>)
 id 1phSUi-0006jf-Ik
 for guix-devel@gnu.org; Wed, 29 Mar 2023 05:53:30 -0400
Received: from submission (posteo.de [185.67.36.169]) 
 by mout01.posteo.de (Postfix) with ESMTPS id 6FE5C240053
 for <guix-devel@gnu.org>; Wed, 29 Mar 2023 11:53:25 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
 t=1680083605; bh=tRafNan2OoDAtfOJJA4zF9Z5HxNjiHK+wesFp2iuLy0=;
 h=From:To:Cc:Subject:Date:From;
 b=OCHkyuGEBWpY+/XHOSoQu04d1pjL1PXln/1rkHo+208oyBZOi7X3JNbZop85KHBfR
 FrGmM7hAFdXIIX6fQN/V9z6Zpf8fLvCpeC5XtVueHfdKcoZ4WucaxlaI6cbSG85HgV
 7I9KLMqTAj6pNmR+/UscOMN8ylpg6IigibPgvIXiWhCL9zwVU+N/ZWmDEYZGQFmRA6
 Rg61EZiAgVa1/jAInCistGBUW+JdFVqhJk+6BYrj8vhi4BeznF7g74M+TgBdKfbdlm
 u3mvVqrYhGirGe3+FMbni9I+E+37Q+Xz8OPmgvxKQUlfZtFYb9Ujye7tIPv84dN8x5
 eHnKdDs31cIUw==
Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4Pmhh42Sssz6tsf;
 Wed, 29 Mar 2023 11:53:24 +0200 (CEST)
References: <sf9aTCKoDqrpSn5OUOGPujCbirKQFxG41GR_3Q3iEB1CqdhUjPL9lt7gC-JiMdQYruX33bAYlZw2YtrJh-JBKLJRoQW-61Ns9ljFllmEnkI=@lendvai.name>
 <CAKg+GqaXGA+erSWFKRxQmxsnHm8-JJhffH2W1WTnbfkK4soqkQ@mail.gmail.com>
 <Ujt0fg5f9Sk2pJGuVDSyLdSRTN_Y9gYJ1xsV78KbTQVVTC3jpqp6jgQzByB3na6TYM1fbmNC0CC3cWE1z8aa6BnxgecgRz61aVLC3_uqR4g=@lendvai.name>
 <CAKg+GqbaO3eadLk50g1cw295f4aaDB2HfPHC7SP=kJ_r29s_aQ@mail.gmail.com>
 <ZCP6s3dNH3vl2EJX@jurong>
From: pukkamustard <pukkamustard@posteo.net>
To: Andreas Enge <andreas@enge.fr>
Cc: Vijaya Anand <sunrockers8@gmail.com>, Attila Lendvai
 <attila@lendvai.name>, guix-devel@gnu.org
Subject: Re: [GSoC 23] distributed substitutes, cost of storage
Date: Wed, 29 Mar 2023 09:26:27 +0000
In-reply-to: <ZCP6s3dNH3vl2EJX@jurong>
Message-ID: <861ql7sxyp.fsf@posteo.net>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=185.67.36.65;
 envelope-from=pukkamustard@posteo.net; helo=mout01.posteo.de
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: guix-devel-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1680083646; a=rsa-sha256; cv=none;
	b=LWBg+8hbUF78tPnLDXPO/HAkNpVw1r4plIUNwaiyEFfH6kIOZUoMZThBGJqtBlMFvGcUA2
	JZbDGaryAg+4iFgRwM0Cyxt1kcQNNPFa9qhoeyB/XtCTDkoxoq+Y90c60xeKwv5Y9IfTD4
	yywvVg8jZQ7lEKrHMRILnOEYSSKY2RXyWNTWvmoTNbvv9/ojQ1CaVLggQCglNQXtzP6Uru
	YpBCGgo/vmJpbZzQgfukHRLGj7p8igGXIHmidLwZP1HnMEiqfOooC7foselM9l3BFL5Smz
	RJxRyObzECV/gdnuSJ20SG9Qw0xNTNjK+9R8KoNdDa0WJNGuUmvuJ70vunzD6Q==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=posteo.net header.s=2017 header.b=OCHkyuGE;
	dmarc=pass (policy=none) header.from=posteo.net;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1680083646;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=tRafNan2OoDAtfOJJA4zF9Z5HxNjiHK+wesFp2iuLy0=;
	b=iM7YZdXBOQsfpSUD1+jI3XvLZXrX0ygh4aQEmA7YlIGMEgdAQqCd2oL5F3hRSuWSW6jYfB
	bdQSIvq/Zzv5ftH2qHINb/wDIfsOgcTicZw3MIe45Ad0gxDIWWYT8H9SVsIOEyrQIvHLlH
	kuRqNfPEK6rMZzbvnBih+hsUDUgsAkDEfwT58sFtrpBj/BY6SsyokZeEtPQszItn1kynRV
	Oz6MLJZ6Nb9Gj3A74BL8V6Fj7eOZTBwZ1kbwTr0Dle4dCGCOhYf/oAv2w5xDHXHS18Wtm7
	wLY/7WVkG2tT4hQBMgtfxL/70QCRIZGSLSQpSoHvsG+JVlONa+W/QJxLtH+TAw==
X-Migadu-Spam-Score: -6.74
X-Spam-Score: -6.74
X-Migadu-Queue-Id: CF4B31F07E
X-Migadu-Scanner: scn0.migadu.com
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=posteo.net header.s=2017 header.b=OCHkyuGE;
	dmarc=pass (policy=none) header.from=posteo.net;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-TUID: eZiTRDqkictu


Andreas Enge <andreas@enge.fr> writes:

> Hello,
>
> Am Wed, Mar 29, 2023 at 01:49:23AM +0530 schrieb Vijaya Anand:
>> In the case of accessing Guix substitutes from p2p
>> network, we ensure authorization by Guix team by making sure the urn of the
>> substitute is the urn mentioned in the narinfo
>
> no, currently substitutes are authenticated by a digital signature with one
> of the substitute servers (the user has control over which signing keys are
> accepted, see /etc/guix/acl). It happens after the download.
>

Slight ellaboration:

Currently the official Guix substitute servers provide a signed Narinfo
that contains the SHA256 sum of the substitute. The SHA256 sum of a
downloaded substitute is checked to match what is in the signed
Narinfo.

With the ERIS patches (https://issues.guix.gnu.org/52555) the signed
Narinfo also contains the ERIS URN. When getting a substitute this
signed ERIS URN is used. Decoding content from an ERIS URN guarantees
integrity, thus we also have authenticity.

Nevertheless, we still compute the SHA256 sum and check it. This is not
really necessary for ensuring authenticity but, imho, good practice for
now to be really sure we only use authenticated substitutes. Especially
when developing transparent fallback mechanisms that might go back to
just downloading the entire substitute from HTTP.

-pukkamustard