Keys/Signature use in OSTree/Flatpak/Flathub

Philip Withnall philip at tecnocode.co.uk
Sun Nov 6 18:43:20 UTC 2016


Hey,

Sorry about being late to the party. I got distracted by a bee.

I haven’t read TUF or analysed this in detail, but one point comes to
mind (below).

On Fri, 2016-09-30 at 15:36 +0200, Alexander Larsson wrote:
> *snip*
> The timestamp file is signed by the timestamp role key(s) and
> contains
> this info:
> * Creation time
> * Expiration time
> * sha256 of summary file

You need a way to deal with the hash function changing — SHA-256 won’t
be state of the art forever. And along with this, you’d need a way to
prevent downgrade attacks: if SHA-256 is ever broken, even if flatpak
uses SHA-256++ by default afterwards, an attacker could still forge a
SHA-256 hash and present it as legitimate. flatpak would need a signed
epoch in the timestamp file which says that “from this time onwards,
all hashes in this repository must use SHA-256++; it’s an attack if
anything continues to use any older hash algorithms”.

Similarly for key sizes and encryption/signature algorithms.

Philip
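The signed-epoch rule Philip describes above, as an added example that is not part of the original mail and not flatpak, OSTree or TUF code. It assumes the timestamp file has already been signature-checked against the timestamp role key(s) by the caller; the field names (`summary_hashes`, `hash_epochs`, `minimum_algorithm`) and the use of SHA3-256 as a stand-in for the hypothetical "SHA-256++" are constructed for illustration. The point it shows is that once an epoch is in force, a summary offered only with an older hash is rejected even if that older digest matches.

```python
"""Hash-algorithm epoch enforcement for a TUF-style timestamp file.

Added example, not flatpak/OSTree code. Assumes the timestamp metadata has
ALREADY been verified against the timestamp role key(s). What is modelled is
the agility rule: a signed list of epochs, each saying "from this time on,
summary hashes must use at least algorithm X", so a digest made with an
older algorithm cannot be presented as legitimate after its epoch has passed.
"""
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed ordering of hash algorithms, oldest first. sha3_256 plays the
# role of the hypothetical "SHA-256++" successor from the mail.
ALGO_ORDER = ["sha256", "sha3_256"]


def parse_time(s):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the constructed file."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def digest(algo, data):
    return hashlib.new(algo, data).hexdigest()


def make_timestamp_file(summary, creation, expiration, algos, epochs):
    """Build the (unsigned) timestamp metadata for SUMMARY. Digests are listed
    per algorithm so a repository can carry old and new ones side by side
    during a transition; the epochs travel inside the signed metadata, so an
    attacker cannot simply strip them."""
    return {
        "creation_time": creation,
        "expiration_time": expiration,
        "summary_hashes": {a: digest(a, summary) for a in algos},
        # Each epoch: from this instant on, the named algorithm is the
        # weakest one a client may accept.
        "hash_epochs": epochs,
    }


def required_algorithm(epochs, now):
    """Return the minimum algorithm in force at NOW: the epoch with the latest
    'from' that is not in the future. Falls back to the weakest known one."""
    active = [e for e in epochs if parse_time(e["from"]) <= now]
    if not active:
        return ALGO_ORDER[0]
    return max(active, key=lambda e: parse_time(e["from"]))["minimum_algorithm"]


def verify_summary(ts, summary, now):
    """Return (ok, reason). Rejects files outside their validity window,
    summaries offered only with pre-epoch algorithms, and mismatched digests."""
    if not parse_time(ts["creation_time"]) <= now <= parse_time(ts["expiration_time"]):
        return False, "timestamp file not valid at this time"

    minimum = required_algorithm(ts["hash_epochs"], now)
    min_rank = ALGO_ORDER.index(minimum)

    # Digests made with an algorithm older than the epoch are not even
    # computed: they carry no authority after the cut-over.
    acceptable = {a: h for a, h in ts["summary_hashes"].items()
                  if a in ALGO_ORDER and ALGO_ORDER.index(a) >= min_rank}
    if not acceptable:
        # Only pre-epoch algorithms are offered: this is the downgrade case,
        # so it is an error even if those digests happen to match.
        return False, "no summary hash at or above required algorithm %s" % minimum

    for algo, expected in acceptable.items():
        if not hmac.compare_digest(digest(algo, summary), expected):
            return False, "%s digest of summary does not match" % algo
    return True, "ok (verified with %s)" % ", ".join(sorted(acceptable))


# Constructed sample data.
SUMMARY = b"constructed OSTree summary file contents"
EPOCHS = [
    {"from": "2016-01-01T00:00:00Z", "minimum_algorithm": "sha256"},
    {"from": "2020-01-01T00:00:00Z", "minimum_algorithm": "sha3_256"},
]
VALID_FROM = "2015-01-01T00:00:00Z"
VALID_UNTIL = "2030-01-01T00:00:00Z"

if __name__ == "__main__":
    old_only = make_timestamp_file(SUMMARY, VALID_FROM, VALID_UNTIL, ["sha256"], EPOCHS)
    both = make_timestamp_file(SUMMARY, VALID_FROM, VALID_UNTIL, ALGO_ORDER, EPOCHS)
    for label, ts, when in [
        ("sha256-only, before epoch", old_only, "2017-06-01T00:00:00Z"),
        ("sha256-only, after epoch", old_only, "2021-06-01T00:00:00Z"),
        ("both digests, after epoch", both, "2021-06-01T00:00:00Z"),
    ]:
        print(label, "->", verify_summary(ts, SUMMARY, parse_time(when)))
```

The client's own clock is what selects the epoch here; in a real deployment the creation time of a freshly fetched, signed timestamp file would also be checked against the last one seen so that an attacker cannot replay an older file from before the cut-over.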
