On 12/30/2016 12:58 AM, Andrew David Wong wrote:
> After meditating on this thread for a little over three years, I'd
> like to revive it, because I think Marek made an important point here,
> and I don't quite understand Joanna's response.
>
> If we don't trust GPG in our backup system because it does too much
> parsing of untrusted data before verification (which I believe is
> correct), then why do we trust it in our dom0 update system?

Ultimately, only Joanna can decide whether some guardian functions are
suitable for Qubes. But I don't necessarily buy into her assertion about
gpg verify: Watch some verbose output and declare 'Hark! Complexity!'.
Is it /that/ worrisome for gpg to iterate over X message segments and
decide if each is valid?

"If we don't trust GPG in our backup system" ...can it be trusted
anywhere else?

Remember, a number of us are defending pgp/gpg in social media for
general use. IIRC, Joanna recently has. Does it make sense to assume
Qubes backups or updates are special cases? This issue should be taken
to the GnuPG and OpenPGP fora.

> Perhaps we meant something slightly different here: All the normal
> distro packages *for dom0* (e.g., Fedora 23 packages, in the case of
> R3.2) would have to be included in the Qubes repos in order for such a
> solution to be effective. Even this would be true only if the custom
> solution were repo- or package-dependent, and only if we wanted to
> guarantee secure updates using the new method for all of those
> packages. (There's a lot to be said for making dom0 smaller, and
> minimizing the number of packages installed there accords with that
> notion.)

> [2] This would seem to be a significant design flaw (perhaps a flaw in
> the OpenPGP spec).[3] It means that GPG does either mac-then-encrypt
> or mac-and-encrypt rather than the superior encrypt-then-mac.[4]
>
> [3] http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
> [4] http://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html

No. 3 is really old. Does it still apply? Is there really no option that
results in encrypt-then-mac?

No. 4 is interesting, but no mention of PGP and it seems focused on AES.

On update packages -- Since they're not encrypted (only signed), does it
matter? Furthermore, it's the repo manifests that are signed (at least on
Debian).

Chris
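
The ordering question raised in this thread (authenticate the raw bytes before any parser touches them) can be shown in a few lines. This is an added example, not part of the original message and not Qubes or GnuPG code; the length-prefixed segment format, the key and all function names are assumptions made for illustration, and encryption is omitted because only the verify-then-parse order matters here.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size
KEY = b"constructed-demo-mac-key"  # constructed sample key, not a real secret

def frame(segments):
    """Length-prefix each segment (hypothetical format standing in for the payload)."""
    return b"".join(struct.pack(">I", len(s)) + s for s in segments)

def parse_segments(blob):
    """The complex step: walks attacker-influenced lengths and offsets."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("parser: truncated length field")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("parser: segment length exceeds input")
        out.append(blob[off:off + n])
        off += n
    return out

def seal(key, body):
    """Tag covers the exact bytes that will be sent (encryption omitted here)."""
    return hmac.new(key, body, hashlib.sha256).digest() + body

def open_verified(key, sealed):
    """Check the tag over the raw bytes first; parse only what authenticated."""
    if len(sealed) < TAG_LEN:
        raise ValueError("mac: input shorter than tag")
    tag, body = sealed[:TAG_LEN], sealed[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("mac: verification failed")
    return parse_segments(body)

def rejection_reason(fn, *args):
    """Return the error message fn raises, or None if it accepts the input."""
    try:
        fn(*args)
    except ValueError as exc:
        return str(exc)
    return None

SEALED = seal(KEY, frame([b"manifest", b"package-data"]))  # constructed sample
TAMPERED = SEALED[:TAG_LEN] + bytes([SEALED[TAG_LEN] ^ 0x80]) + SEALED[TAG_LEN + 1:]
```

With the tampered input, `open_verified` fails at the MAC check, so the parser never runs on the modified length field; calling `parse_segments` directly on the same bytes shows the parser having to cope with it.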