From: "Simon J. Gerraty"
To: Garrett Wollman
CC: Eric McCorkle
Subject: Re: UNS: Re: Trust system write-up
Date: Mon, 23 Oct 2017 22:33:34 -0700
Message-ID: <78860.1508823214@kaos.jnpr.net>
In-Reply-To: <23022.35012.399346.198594@hergotha.csail.mit.edu>
List-Id: "Security issues \[members-only posting\]"

Garrett Wollman wrote:
> Since packages are already distributed with signatures over the entire
> package manifest, it would be nice if you could use the package system
> to feed this.

Yes, that's what we do in Junos.
The Junos package system relies on veriexec to verify packages and their
content, and thus automatically feed manifest contents to the kernel,
which renders the content executable.

Eric's configurable trust store could allow the above to be more widely
used. In Junos the trust store is burned into the apps that need to
verify things - which is great for us but not what you want for a general
deployment system.

But it's hard to do things like this if they have to be optional.