From owner-freebsd-security@freebsd.org  Tue Oct 24 00:26:47 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 855F3E2FA7B
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Tue, 24 Oct 2017 00:26:47 +0000 (UTC)
 (envelope-from wollman@hergotha.csail.mit.edu)
Received: from hergotha.csail.mit.edu
 (wollman-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:ccb::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2E32A6622E
 for <freebsd-security@freebsd.org>; Tue, 24 Oct 2017 00:26:46 +0000 (UTC)
 (envelope-from wollman@hergotha.csail.mit.edu)
Received: from hergotha.csail.mit.edu (localhost [127.0.0.1])
 by hergotha.csail.mit.edu (8.15.2/8.15.2) with ESMTP id v9O0QidZ009992;
 Mon, 23 Oct 2017 20:26:44 -0400 (EDT)
 (envelope-from wollman@hergotha.csail.mit.edu)
Received: (from wollman@localhost)
 by hergotha.csail.mit.edu (8.15.2/8.14.4/Submit) id v9O0QicJ009991;
 Mon, 23 Oct 2017 20:26:44 -0400 (EDT) (envelope-from wollman)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <23022.35012.399346.198594@hergotha.csail.mit.edu>
Date: Mon, 23 Oct 2017 20:26:44 -0400
From: Garrett Wollman <wollman@bimajority.org>
To: Eric McCorkle <eric@metricspace.net>
Cc: "Simon J. Gerraty" <sjg@juniper.net>, freebsd-security@freebsd.org
Subject: UNS: Re: Trust system write-up
In-Reply-To: <d06c911a-9e2a-901f-b2bb-4fa2c26b2d59@metricspace.net>
References: <1a9bbbf6-d975-0e77-b199-eb1ec0486c8a@metricspace.net>
 <1508775285.34364.2.camel@freebsd.org>
 <e4fb486c-fe8a-571e-8c95-f5f68c44b77c@metricspace.net>
 <72903.1508799185@kaos.jnpr.net>
 <d06c911a-9e2a-901f-b2bb-4fa2c26b2d59@metricspace.net>
X-Mailer: VM 8.2.0b under 25.3.1 (amd64-portbld-freebsd10.3)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2
 (hergotha.csail.mit.edu [127.0.0.1]); Mon, 23 Oct 2017 20:26:44 -0400 (EDT)
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,
 HEADER_FROM_DIFFERENT_DOMAINS autolearn=disabled version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 hergotha.csail.mit.edu
X-Mailman-Approved-At: Tue, 24 Oct 2017 02:08:30 +0000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 00:26:47 -0000

<<On Mon, 23 Oct 2017 20:00:53 -0400, Eric McCorkle <eric@metricspace.net> said:

> However, there is a definite advantage to having one signature for a
> huge number of MACs.  Moreover, as I mention in the paper, the most
> feasible quantum-safe signature scheme at the present is SPHINCS, which
> has signatures about 40Kib in size.  That's pretty terrible if you're
> signing each executable, but if you're signing 20-30k MACs at 16-32
> bytes per code plus a path, suddenly a 40Kib signature doesn't look so
> bad anymore.  It would be pretty great to roll out a trust
> infrastructure AND viable quantum-safe signatures.

> I could also see a combined scheme, say, where ELF files carry a UUID
> which indexes into a MAC manifest.

Since packages are already distributed with signatures over the entire
package manifest, it would be nice if you could use the package system
to feed this.

-GAWollman