Maintaining the kernel's web of trust

Posted Sep 5, 2019 10:44 UTC (Thu) by weberm (guest, #131630)
In reply to: Maintaining the kernel's web of trust by grawity
Parent article: Maintaining the kernel's web of trust

..but if I can break the key storage, and the storage of the chain of signatures, i.e., attack and take over kernel.org, which is what the worry is - how does that not affect the WoT's integrity?


Maintaining the kernel's web of trust

Posted Sep 5, 2019 10:58 UTC (Thu) by farnz (subscriber, #17727)

The idea, AIUI, of this repository, is that you use it to track from keys you trust for reasons outside kernel.org (e.g. because you met Linus and verified his key in person) to keys that you don't trust. While an attacker can replace the keys and the signature chains, they can't forge the roots of your personal web of trust because they do not have access to people's private keys, and without that, they cannot forge a signature from a key you trust due to external comms to a key under their control.
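The trust-path check described in the comment above, as an added Go example that is not part of the thread or of the kernel.org keyring tooling. It uses Ed25519 signatures over raw key bytes as a simplified stand-in for OpenPGP certifications; the names `Cert`, `Trusted`, `newKey`, `pub` and `certify` are hypothetical, and the demo keys are constructed from fixed labels.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Cert: Signer vouches for Subject. Simplified: Sig covers only Subject's key bytes.
type Cert struct {
	Signer, Subject ed25519.PublicKey
	Sig             []byte
}

// newKey derives a deterministic demo key from a label (constructed data).
func newKey(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}
func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func certify(signer ed25519.PrivateKey, subject ed25519.PublicKey) Cert {
	return Cert{pub(signer), subject, ed25519.Sign(signer, subject)}
}

// Trusted walks outward from roots (keys verified outside the repository),
// following only certifications that verify under an already-trusted key.
func Trusted(repo []Cert, target ed25519.PublicKey, roots ...ed25519.PublicKey) bool {
	seen := map[string]bool{}
	queue := append([]ed25519.PublicKey{}, roots...)
	for i := 0; i < len(queue); i++ {
		k := queue[i]
		if seen[string(k)] || len(k) != ed25519.PublicKeySize {
			continue
		}
		seen[string(k)] = true
		for _, c := range repo {
			if string(c.Signer) == string(k) && ed25519.Verify(k, c.Subject, c.Sig) {
				queue = append(queue, c.Subject)
			}
		}
	}
	return seen[string(target)]
}

func main() {
	root, dev, evil := newKey("root"), newKey("developer"), newKey("attacker")
	forged := Cert{pub(root), pub(evil), ed25519.Sign(evil, pub(evil))} // claims root as signer
	repo := []Cert{certify(root, pub(dev)), forged}
	fmt.Println(Trusted(repo, pub(dev), pub(root)), Trusted(repo, pub(evil), pub(root))) // true false
}
```

An attacker who controls the repository can still delete genuine certifications, which makes honest keys unverifiable but never makes an attacker key trusted.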

Maintaining the kernel's web of trust

Posted Sep 5, 2019 21:20 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)

You just need a couple of well-known roots of trust that can be published on multiple unrelated sites. This way any attack on the signatures repository will be detected early.

