
Transparency

Posted Mar 12, 2021 4:41 UTC (Fri) by tialaramex (subscriber, #21167)
Parent article: The Linux Foundation's "sigstore" project

A recurring pattern is people see Certificate Transparency and they say, oh that's a clever solution to a problem [it is] and I have a problem, so I should model my solution on Certificate Transparency...

I started out reacting to these by thinking "Huh, I guess it isn't a perfect fit, but maybe this works for you" and after seeing it fail so often I've now reached the point where I just grunt in disgust. It would be lovely if "sigstore" is the exception, but that feels unlikely.

CT was very narrowly tailored to solve a very specific problem, and most of these other problems have only superficial resemblance. I think the _most_ important thing I'd want anybody thinking "Certificate Transparency is the model I need to look at" to know is that all the clever cryptography in CT is only there to keep honest people (in this case public CAs) honest in the first place. The real benefits we reap would be the same if CAs just published a CSV file or something - but if there was a CSV file there would be a persistent temptation to tamper with it, and CT removes that temptation. And CT isn't even really finished. A sufficiently powerful and nefarious actor could pervert things pretty badly, and the features mooted to prevent that mechanically ("Gossip" protocols and consistency proof checking) are not in fact deployed. Because like I said, we're about keeping honest people honest, and at a certain point if they're all behaving you need to stop thinking of increasingly devious things they could be hiding from you - they are probably just being honest. Humans are lazy, and the subterfuge required to successfully defeat CT as it stands is just too much effort.

But in the space sigstore wants to occupy I don't see honest people who need to be kept honest. I see a Wild West, and I fear that this technology doesn't do what you need in that circumstance at all.

I first saw mention of "sigstore" in a context which compared it to Let's Encrypt in the context of software. Operating a CA (which is what Let's Encrypt does) for Free Software code signing could make sense, but this does not seem to be that.


Transparency

Posted Mar 12, 2021 22:52 UTC (Fri) by Jan_Zerebecki (guest, #70319)

> And CT isn't even really finished. A sufficiently powerful and nefarious actor could pervert things pretty badly, and the features mooted to prevent that mechanically ("Gossip" protocols and consistency proof checking) are not in fact deployed.

Yes, Trillian AKA CT (which sigstore uses as a dependency) explicitly mentions that it does not yet protect against split view attacks, where an attacker completely simulates a log with different content just for you.

> But in the space sigstore wants to occupy [...] this technology doesn't do what you need in that circumstance at all.

Do you have any suggestions for technology that would be better? I'd have use for a way to detect when others see e.g. the content of Linux 5.11.0 as different than what I see.
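The consistency-proof check mentioned in the quoted comment, as an added example in Python that is not part of this thread or of any sigstore or Trillian code: it computes an RFC 6962 Merkle tree head over log entries, generates the proof that an older tree head is a prefix of a newer one, and verifies that proof client-side. The kernel tarball names used as log entries are constructed for illustration. A split view is detected when two observers exchange their tree heads and either the proof from the smaller head to the larger fails, or two heads for the same tree size differ.

```python
import hashlib

# RFC 6962 hashing: 0x00 prefixes a leaf, 0x01 prefixes an interior node
def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def tree_head(entries):
    """Merkle tree head of `entries`, split at the largest power of two below len."""
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = 1 << ((len(entries) - 1).bit_length() - 1)
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))

def consistency_proof(m, entries, start=True):
    """Hashes proving the m-entry tree is a prefix of `entries` (RFC 6962 2.1.2)."""
    n = len(entries)
    if m == n:
        return [] if start else [tree_head(entries)]
    k = 1 << ((n - 1).bit_length() - 1)
    if m <= k:
        return consistency_proof(m, entries[:k], start) + [tree_head(entries[k:])]
    return consistency_proof(m - k, entries[k:], False) + [tree_head(entries[:k])]

def verify_consistency(first, second, first_hash, second_hash, proof):
    """Client check (RFC 6962 2.1.4.2): the log only appended between the two heads."""
    if first == second:
        return not proof and first_hash == second_hash
    if not proof:
        return False
    if (first & (first - 1)) == 0:  # first is a power of two: its head is proof[0]
        proof = [first_hash] + proof
    fn, sn = first - 1, second - 1
    while fn & 1:  # skip levels where both trees share a right-hand path
        fn, sn = fn >> 1, sn >> 1
    fr = sr = proof[0]
    for c in proof[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:  # c is a left sibling in both trees
            fr, sr = node_hash(c, fr), node_hash(c, sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:  # c lies only in the newer tree
            sr = node_hash(sr, c)
        fn, sn = fn >> 1, sn >> 1
    return fr == first_hash and sr == second_hash and sn == 0
```

A proof that verifies only shows the newer head extends the older one that you saw; catching a log that shows a different history to someone else still requires comparing heads with that other observer.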

Transparency

Posted Mar 13, 2021 4:13 UTC (Sat) by pabs (subscriber, #43278)

These DebConf talks introduce a gossip hub, which IIRC is meant to attempt to prevent split view attacks:

https://debconf18.debconf.org/talks/104-software-transpar...
https://debconf19.debconf.org/talks/66-software-transpare...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds