GNU bug report logs - #57091
Git authentication reports subkey fingerprints

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Tue, 9 Aug 2022 21:08:02 UTC

Severity: normal

Full log

Message #32 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: Ludovic Courtès <ludo <at> gnu.org>, bug-guix <at> gnu.org,
 57091 <at> debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 18:31:41 +0200

Hi Maxime,

Quick reply mainly to say thanks for replying :-)

On 2022-08-11 17:07, Maxime Devos wrote:
> On 11-08-2022 13:17, Tobias Geerinckx-Rice wrote:
> 
>> Apologies if I'm wildly off the mark here.  But then I'd like to
>> hear some plausible threat models.  Maxime?
> 
> Here's a problem with allowing subkeys, if that's what you mean:

(Well, you snipped my previous paragraph where I mention what you seem 
to describe below, so yes.)

> 	* Expiration times and GPG-level revocation must be ignored (for
> time-travel, and pulling from an old Guix), similarly to why it must
> be ignored for when no subkeys are used
>  	* Someone used to GPG-style subkeys generates a new subkey to
> replace old expired subkey or revokes old subkey, without keeping in
> mind that Guix doesn't take that in account.
>  	* An attacker uses a compromised-but-revoked-or-expired subkey to
> compromise the channel.

Why does none of this apply to primary keys?

> Expiration times might be solvable by taking the commit time of the
> previous commit as 'current time' (not the commit that was signed,
> otherwise an attacker could just lie). I don't know a solution for
> GPG-level revocation of old subkeys but I haven't looked either.

Git commit dates aren't reliable.  Requiring that they be accurate going 
forward would be imposing yet another 'artificial'/idiosyncratic 
limitation.  I think we should be very hesitant to build a verification 
system on assumptions stacked just so.

> Another problem:
> 
>  	* When replacing the key in the 'keyring' branch with an 'updated'
> key that contains the new subkey, we have to be careful to never
> remove old subkeys, to avoid breaking time travel or pulling from old
> versions.

Sure.  We always need to be careful when updating the keyring branch.

Kind regards,

T G-R

Sent from a Web browser.  Excuse or enjoy my brevity.
This bug report was last modified 2 years and 311 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.