Date: Mon, 23 Oct 2017 09:11:20 +0200
From: Romain Tartière <romain@FreeBSD.org>
To: freebsd-security@freebsd.org, "freebsd-hackers@freebsd.org" <freebsd-hackers@FreeBSD.org>, freebsd-arch@freebsd.org
Subject: Re: Trust system write-up
Message-ID: <20171023071120.GA72383@blogreen.org>
In-Reply-To: <1a9bbbf6-d975-0e77-b199-eb1ec0486c8a@metricspace.net>
References: <1a9bbbf6-d975-0e77-b199-eb1ec0486c8a@metricspace.net>
Hello Eric,

On Sun, Oct 22, 2017 at 06:14:40PM -0400, Eric McCorkle wrote:
> The following is a write-up of my current design for a public-key trust
> system:
>
> https://www.metricspace.net/files/freebsd_trust.pdf

Two minor things while reading:

1. p2: from an end-user perspective, `trustctl` expects DER encoded certificates and CRL, while `certs` and `rootcerts` output PEM encoded certificates… So the formats are not the same, and maybe consistency would be advisable here;

2. p3: 'the preferred configuration' is said to be the most used one, but as described it only includes a single crt+key and does not look suitable for distributing upgrades with freebsd-update(8). Unless I missed something, I guess it's just the way it is described that needs disambiguation:

- "local nodes" are basically what is described as "Preferred configuration", and have a single key+crt. So these nodes can only run the code they signed.
- "high-security institutions" are kept as is, that is a single crt. So these nodes can only run code signed by the institution.

Hybrid systems can be built by having more than one root node:

- "preferred configuration" have a local key+crt (as a local node) AND the FreeBSD project's crt. So these nodes can run FreeBSD's code and their own code.
- "standard FreeBSD images" as described have the FreeBSD project's crt. When installing, they generate a local key+crt and add them with the FreeBSD crt to the new system's trust store. So these images have the "high-security institutions" scheme, and install systems in the "preferred configuration" scheme.

Thanks!
Romain

--
Romain Tartière <romain@FreeBSD.org> http://people.FreeBSD.org/~romain/
pgp: 8234 9A78 E7C0 B807 0B59 80FF BA4D 1D95 5112 336F (ID: 0x5112336F)
(plain text =non-HTML= PGP/GPG encrypted/signed e-mail much appreciated)