
Maintaining the kernel's web of trust

Maintaining the kernel's web of trust

Posted Sep 5, 2019 9:56 UTC (Thu) by grawity (subscriber, #80596)
In reply to: Maintaining the kernel's web of trust by weberm
Parent article: Maintaining the kernel's web of trust

* The replacement solution is to add a repository on kernel.org.
* This is then used to determine the trust of potentially untrustworthy repositories on kernel.org

As I understand it, the repository isn't a replacement for web-of-trust; it only acts as a key storage (similar to GnuPG's WKD) but regular WoT is still used to ensure their validity.



Maintaining the kernel's web of trust

Posted Sep 5, 2019 10:44 UTC (Thu) by weberm (guest, #131630) (2 responses)

...but if I can break the key storage, and the storage of the chain of signatures, i.e., attack and take over kernel.org, which is what the worry is, how does that not affect the WoT's integrity?

Maintaining the kernel's web of trust

Posted Sep 5, 2019 10:58 UTC (Thu) by farnz (subscriber, #17727)

The idea, AIUI, of this repository, is that you use it to track from keys you trust for reasons outside kernel.org (e.g. because you met Linus and verified his key in person) to keys that you don't trust. While an attacker can replace the keys and the signature chains, they can't forge the roots of your personal web of trust because they do not have access to people's private keys, and without that, they cannot forge a signature from a key you trust due to external comms to a key under their control.

Maintaining the kernel's web of trust

Posted Sep 5, 2019 21:20 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)

You just need a couple of well-known roots of trust that can be published on multiple unrelated sites. This way any attack on the signatures repository will be detected early.
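The two points made above (farnz: an attacker who owns the repository can rewrite keys and signature chains but cannot produce a signature from a root key you verified out of band; Cyberax: cross-checking root fingerprints against copies published elsewhere detects the tampering) are easy to see in a small model. The following Go program is an added example, not code from LWN, from the kernel.org pgpkeys repository, or from GnuPG. It stands in for OpenPGP with Ed25519 key certifications over a (user ID, public key) binding, with truncated SHA-256 as a stand-in for the fingerprint; the key names, the `Repo` layout and the `Trusted`/`RootTampered` helpers are all assumptions made for the illustration. The walk starts only from roots supplied by the verifier and never uses the repository's own copy of a key to check a signature, which is what makes the hijacked repository harmless.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Key is a simplified OpenPGP-style key: a user ID bound to a public key (assumption for this example).
type Key struct {
	UID string
	Pub ed25519.PublicKey
}

// Fingerprint stands in for an OpenPGP fingerprint (truncated SHA-256 of the public key).
func (k Key) Fingerprint() string {
	sum := sha256.Sum256(k.Pub)
	return hex.EncodeToString(sum[:10])
}

// Certification is the analogue of an OpenPGP key signature: the holder of the
// SignerFP private key signed Signee's (UID, Pub) binding.
type Certification struct {
	SignerFP string
	Signee   Key
	Sig      []byte
}

func certMessage(k Key) []byte { return append([]byte(k.UID+"\x00"), k.Pub...) }

func Certify(signerPriv ed25519.PrivateKey, signer, signee Key) Certification {
	return Certification{SignerFP: signer.Fingerprint(), Signee: signee, Sig: ed25519.Sign(signerPriv, certMessage(signee))}
}

// Repo models a key repository such as the one on kernel.org: keys plus certifications,
// all of which an attacker who controls the server can replace.
type Repo struct {
	Keys  map[string]Key // indexed by fingerprint, as the repo claims them
	Certs []Certification
}

// Trusted walks the web of trust from roots verified out of band (e.g. in person).
// A certification extends the set only if its signer is already trusted AND the
// signature verifies against that trusted signer's public key. The repo's own copy
// of a key is never used to verify anything.
func Trusted(repo Repo, roots []Key) map[string]Key {
	trusted := map[string]Key{}
	for _, r := range roots {
		trusted[r.Fingerprint()] = r
	}
	for changed := true; changed; {
		changed = false
		for _, c := range repo.Certs {
			signer, ok := trusted[c.SignerFP]
			if !ok {
				continue // the repo's claim about who signed is worthless on its own
			}
			if _, seen := trusted[c.Signee.Fingerprint()]; seen {
				continue
			}
			if ed25519.Verify(signer.Pub, certMessage(c.Signee), c.Sig) {
				trusted[c.Signee.Fingerprint()] = c.Signee
				changed = true
			}
		}
	}
	return trusted
}

// RootTampered compares the repo's copy of a root key against a fingerprint
// obtained from an unrelated site; a mismatch means the repo was rewritten.
func RootTampered(repo Repo, uid, publishedFP string) bool {
	for _, k := range repo.Keys {
		if k.UID == uid && k.Fingerprint() == publishedFP {
			return false
		}
	}
	return true
}

func genKey(uid string) (Key, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Key{UID: uid, Pub: pub}, priv
}

// Outcome reports the honest case and the hijacked-repository case side by side.
type Outcome struct {
	ContributorTrustedBefore bool // honest repo: root -> maintainer -> contributor reachable
	TrustedAfterAttack       int  // hijacked repo: how many keys end up trusted (root itself only)
	RootTamperDetected       bool // cross-check of the root fingerprint against an external copy
}

func Scenario() Outcome {
	root, rootPriv := genKey("Root (verified in person)") // constructed identities
	maint, maintPriv := genKey("Maintainer")
	contrib, _ := genKey("Contributor")
	honest := Repo{Keys: map[string]Key{}, Certs: []Certification{Certify(rootPriv, root, maint), Certify(maintPriv, maint, contrib)}}
	for _, k := range []Key{root, maint, contrib} {
		honest.Keys[k.Fingerprint()] = k
	}
	var out Outcome
	_, out.ContributorTrustedBefore = Trusted(honest, []Key{root})[contrib.Fingerprint()]

	// Attacker takes over the server: replaces the root with a look-alike under the
	// same UID, adds their own "Contributor", and forges a cert that claims the real
	// root as signer but is signed with the attacker's key.
	fakeRoot, fakePriv := genKey(root.UID)
	evil, _ := genKey("Contributor")
	forged := Certify(fakePriv, fakeRoot, evil)
	forged.SignerFP = root.Fingerprint()
	hijacked := Repo{Keys: map[string]Key{fakeRoot.Fingerprint(): fakeRoot, evil.Fingerprint(): evil},
		Certs: []Certification{Certify(fakePriv, fakeRoot, evil), forged}}
	out.TrustedAfterAttack = len(Trusted(hijacked, []Key{root}))
	out.RootTamperDetected = RootTampered(hijacked, root.UID, root.Fingerprint())
	return out
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

In the honest case the contributor becomes trusted through the root's certification of the maintainer and the maintainer's of the contributor. In the hijacked case the walk still starts from the verifier's own copy of the root, so the look-alike root is never consulted and the forged certification fails `ed25519.Verify` against the real root's public key; only the root itself remains trusted, and comparing the repository's "root" against an externally published fingerprint flags the rewrite.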


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds