From: Daniel Kahn Gillmor
To: David Bremner, Carl Worth, Adam Majer, notmuch@notmuchmail.org
Subject: Re: [PATCH] build: sign tarball instead of sha256sum
Date: Thu, 14 Mar 2019 18:51:28 -0400
Message-ID: <87ftrpgjdb.fsf@fifthhorseman.net>
In-Reply-To: <87lg1kcqg8.fsf@tethera.net>
References: <87mun16gmm.fsf@wondoo.home.cworth.org> <20190213021703.18412-1-david@tethera.net> <87lg1kcqg8.fsf@tethera.net>

On Tue 2019-03-12 07:55:19 -0300, David Bremner wrote:
> David Bremner writes:
>
>> Adam Majer pointed out in [1] the way we were signing releases was
>> unusual. Neither Carl nor I could think of a good reason for
>> explicitly signing the checksum (internally of course that's what GPG
>> is doing anyway).
>
> It seemed unlikely that there would be much testing for this (but feel
> free!), so I have pushed it. I can fix any glitches during the next
> release.

Sorry to only be getting to this now.

I think the original mechanism, despite being non-standard, is actually
a more robust approach, so i recommend reverting this change.

A detached signature on object X does *not* cover the name of object X.
So for some existing version Y of notmuch, if an attacker takes
notmuch-Y.tgz and notmuch-Y.tgz.asc and renames them both to
notmuch-Z.tgz and notmuch-Z.tgz.asc, they can make it look like a new
version (version Z) of notmuch is available!

The only way to detect the attack is to store a log of timestamps of
previous releases, and try to compare timestamps (though this itself can
be confusing and wrong if we were to maintain multiple branches
concurrently).

This permits a "rollback" or "version freeze" attack, which we probably
don't want to encourage.

However, if the thing verified is the output of sha256sum, then the
*filename* of the tarball itself is included, and the standard
verification step is sufficient to ensure that you've got the right
version in the filename.

In bash, verifying version 0.28.3 would look something like:

    set -o pipefail
    set -x
    wget https://notmuchmail.org/releases/notmuch-0.28.3.tar.gz{,.sha256.asc}
    gpgv --keyring ./notmuch-signers.pgp --output - notmuch-0.28.3.tar.gz.sha256.asc | sha256sum -c -

This is resistant to any attacker who manages to place or rename files
on https://notmuchmail.org/releases/.

That's why I support reversion here. Apologies for the delay in
encountering this thread.

Regards,

        --dkg
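
The rename scenario from the message above, as an added example that is not part of the original mail or of the notmuch build scripts. It assumes GNU sha256sum and a one-entry manifest; the manifest string stands in for what `gpgv --output -` prints once the signature verifies, and `content_only`, `verify_named` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. "$manifest" stands in for the authenticated gpgv output;
# file contents and the names notmuch-Y/notmuch-Z are constructed.

# content_only MANIFEST FILE
# Models what a detached signature attests: the bytes, under any file name.
content_only() (
    digest=${1%%  *}
    actual=$(sha256sum < "$2" | cut -d' ' -f1)
    [ "$digest" = "$actual" ]
)

# verify_named MANIFEST WANTED
# Accepts only if the signed manifest names exactly WANTED and the file of
# that name in the current directory has the signed digest.
# Exit codes: 0 ok, 1 digest mismatch, 2 malformed manifest, 3 wrong name.
verify_named() (
    digest=${1%%  *}                 # sha256sum line: <hex>  <filename>
    name=${1#*  }
    [ "${#digest}" -eq 64 ] || exit 2
    [ "$name" = "$2" ] || exit 3     # also holds if an old tarball is lying around
    printf '%s  %s\n' "$digest" "$name" | sha256sum -c - >/dev/null 2>&1
)

# demo [stale]
# Replays the rename of release Y to Z and prints three exit codes:
# content-only check, name-pinned check, plain "sha256sum -c".
# With "stale", a copy of the old tarball is still in the directory.
demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    old=notmuch-Y.tar.gz new=notmuch-Z.tar.gz
    printf 'constructed stand-in for release Y\n' > "$old"
    manifest=$(sha256sum "$old")     # what the maintainer signed
    if [ "$1" = stale ]; then cp "$old" "$new"; else mv "$old" "$new"; fi
    a=0; content_only "$manifest" "$new" || a=$?
    b=0; verify_named "$manifest" "$new" || b=$?
    c=0; printf '%s\n' "$manifest" | sha256sum -c - >/dev/null 2>&1 || c=$?
    echo "$a $b $c"
    cd / && rm -rf "$dir"
)

echo "renamed only:             $(demo)"
echo "old tarball also present: $(demo stale)"
```

A result of 0 means the check accepted the renamed file; the name-pinned check rejects it in both scenarios.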