From owner-freebsd-security@FreeBSD.ORG Sat Mar 8 22:31:15 2014
Date: Sat, 8 Mar 2014 17:31:14 -0500
Subject: Secure Infrastructure [Crypto signed ISO images]
From: grarpamp
To: freebsd-questions@freebsd.org
Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org
List-Id: "Security issues [members-only posting]"
>>> Cryptographically signed ISO images
>>> http://docs.freebsd.org/cgi/mid.cgi?20140302172759.GA4728

>> If the use of [the signed] SHA-2[56] hashes doesn't provide enough
>> assurance that the ISO images are authentic, can you explain the
>> crypto technology that you are looking for?

Signing the ISOs [hashes of same] is a common practice. As is now
signing the packages. However, just remember that both of these are
only handwavy security bandaids trying to be placed from the periphery
in, which is not the way to do things right...

Until the FreeBSD project ...

(1) moves to a repository such as Git [or something like the even
further crypto integrated Monotone], where the repository itself has
an internal crypto hash structure that can be signed from the very
first initializing commit and upon later commits/tags/branches, etc...

and

(2) has and uses deterministic reproducible builds for everything
flowing downstream from that [the source repo, packages, ISOs, build
servers, rsync/ftp/http distribution servers, web/wiki/forum/mail
servers, etc...]

... signing the periphery may look good to the casual observer, but it
is ultimately untraceable in any cryptographic sense to the code from
which those periphery elements are purported to come. That's not a
good position to be in, and is a clarification regarding discontiguous
trust chains that needs to be pointed out.

It also wouldn't hurt to have the repo on ZFS raidzN sha256, ECC RAM,
etc... if not already.

>> if you verified the certificate of https host...

... you probably have more to learn about verification.
https://www.eff.org/observatory
https://en.wikipedia.org/wiki/Certificate_transparency

And let's not forget the needed DNSSEC and IPSEC components. Though 1
and 2 above would be a great start.

References...
https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details
https://wiki.debian.org/ReproducibleBuilds
https://gitian.org/
http://git-scm.com/about/distributed
http://git-scm.com/about/info-assurance
http://www.monotone.ca/
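The post's two points (a hash-chained repository whose tip commits to all history, and a deterministic build that lets a verifier tie an artifact back to that tip) can be shown in a small model. The following Python is an added example, not code from the post or from the FreeBSD project; it uses a Git-like content-addressed commit graph and a constructed two-commit sample tree. The signature over the tip hash that the post asks for is assumed to exist and is not modelled; the point demonstrated is what such a signature would actually cover, and why a signed hash of an ISO alone cannot be traced to the source.

```python
import hashlib

# Toy content-addressed repository and build, modelled on Git's object graph.
# The sample source trees below are constructed for this example.

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tree_hash(files: dict) -> str:
    """Hash a source tree: each blob is hashed, then the sorted listing is hashed (Git-like)."""
    entries = sorted((path, sha256(content)) for path, content in files.items())
    listing = "\n".join(f"{blob} {path}" for path, blob in entries)
    return sha256(listing.encode())

def commit_hash(tree: str, parent, message: str) -> str:
    """A commit covers its tree and its parent's hash, so the tip hash covers all history."""
    parent_line = f"parent {parent}\n" if parent else ""
    return sha256(f"tree {tree}\n{parent_line}message {message}\n".encode())

def build_history(commits) -> list:
    """commits: list of (files, message) from oldest to newest; returns the commit hashes."""
    hashes, parent = [], None
    for files, message in commits:
        parent = commit_hash(tree_hash(files), parent, message)
        hashes.append(parent)
    return hashes

def deterministic_build(files: dict) -> bytes:
    """Output depends only on the sources: sorted order, no timestamps or build paths."""
    return b"".join(files[path] for path in sorted(files))

def timestamped_build(files: dict, build_time: str) -> bytes:
    """The usual failure mode: embedding the build time makes every build unique."""
    return deterministic_build(files) + f"\nbuilt {build_time}".encode()

def artifact_traceable(artifact: bytes, claimed_commit: str, files: dict, history: list) -> bool:
    """A verifier holding the source tree rebuilds it and compares hashes.
    A signed hash of the artifact on its own cannot establish this link."""
    return claimed_commit == history[-1] and sha256(artifact) == sha256(deterministic_build(files))

# Constructed sample history: two commits.
V1 = {"src/main.c": b"int main(void){return 0;}\n", "README": b"v1\n"}
V2 = {"src/main.c": b"int main(void){return 1;}\n", "README": b"v2\n"}
HISTORY = build_history([(V1, "initial"), (V2, "fix return code")])

# The same history with the first commit's README silently altered:
# every later commit hash, including the tip, changes with it.
TAMPERED = build_history([
    ({**V1, "README": b"v1 altered\n"}, "initial"),
    (V2, "fix return code"),
])

if __name__ == "__main__":
    print("tip:", HISTORY[-1])
    print("tampered tip:", TAMPERED[-1])
    print("traceable:", artifact_traceable(deterministic_build(V2), HISTORY[-1], V2, HISTORY))
```

Because each commit hash includes its parent's hash, a signature over the tip is a signature over the whole history; the altered first commit produces a different tip, so the original signature would not verify. The deterministic build is what closes the loop downstream: a verifier rebuilds from the checked-out tree and compares, which the timestamped build makes impossible.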