From owner-freebsd-security@freebsd.org Sat Feb 15 19:27:05 2020 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 37DF624609E for ; Sat, 15 Feb 2020 19:27:05 +0000 (UTC) (envelope-from ndorf@rtfm.net) Received: from iad1-shared-relay1.dreamhost.com (iad1-shared-relay1.dreamhost.com [208.113.157.50]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48KgHC2777z4fpR; Sat, 15 Feb 2020 19:27:03 +0000 (UTC) (envelope-from ndorf@rtfm.net) Received: from cloudburst.dreamhost.com (cloudburst.dreamhost.com [66.33.212.129]) by iad1-shared-relay1.dreamhost.com (Postfix) with ESMTP id 0A800B40086; Sat, 15 Feb 2020 11:26:56 -0800 (PST) Received: by cloudburst.dreamhost.com (Postfix, from userid 10401829) id DAF14ECA; Sat, 15 Feb 2020 11:26:55 -0800 (PST) Date: Sat, 15 Feb 2020 19:26:54 +0000 From: Nathan Dorfman To: Glen Barber Cc: freebsd-security@freebsd.org Subject: Re: Cryptographic signatures of installer sets Message-ID: <20200215192654.GA8@rtfm.net> References: <20200125200007.GA11@rtfm.net> <20200127164201.GB9584@FreeBSD.org> <20200130005006.GA13@e398a4ce8009> <20200130132239.GG9584@FreeBSD.org> <20200201233420.GA18@rtfm.net> <20200203135710.GK9584@FreeBSD.org> <20200211233132.GA7@rtfm.net> <20200212152221.GE9584@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200212152221.GE9584@FreeBSD.org> X-Rspamd-Queue-Id: 48KgHC2777z4fpR X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of ndorf@rtfm.net designates 208.113.157.50 as permitted sender) smtp.mailfrom=ndorf@rtfm.net X-Spamd-Result: default: False [3.17 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:208.113.157.50]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[rtfm.net]; NEURAL_SPAM_MEDIUM(0.64)[0.641,0]; IP_SCORE(1.91)[ip: (8.79), ipnet: 208.113.128.0/17(-0.08), asn: 26347(0.88), country: US(-0.05)]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.92)[0.925,0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:26347, ipnet:208.113.128.0/17, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Feb 2020 19:27:05 -0000 On Wed, Feb 12, 2020 at 03:22:21PM +0000, Glen Barber wrote: > > Have you considered the possibility of simply publishing a detached > > signature with every MANIFEST, in a similar manner to what is done for > > the installer images? > > > > I have not, as a change to the misc/freebsd-release-manifests port will > generate an email (or at minimum, a change in the repository), which > would be a red flag for nefarious behavior. Gotcha. So it sounds like your solution is the best path forward. Looking forward to seeing your patch! -nd.