Public bug reported:

Currently, the only supported signature type for image signature verification [1] is RSA-PSS, although the signature type used is configurable.

It would be advantageous to support multiple types of signatures beyond just RSA-PSS. For one, different types of signatures become out of date with time (for example, PKCS1v15 is no longer recommended for new applications). Also, the signature length is currently limited to 255, which limits RSA-PSS signatures to having a 1024-bit key, which is less than the minimum recommended key size for RSA. Elliptic Curve signatures, on the other hand, could fit into the 255 limit while still using a recommended key size.

This lite spec is for the addition of verification support for two additional signature types: DSA and Elliptic Curve.

Note that this support was discussed during the Tokyo Summit [2] and it was decided that it should be tracked as a lite spec.

[1] http://specs.openstack.org/openstack/glance-specs/specs/liberty/image-signing-and-verification-support.html
[2] https://etherpad.openstack.org/p/mitaka-glance-image-signing-and-encryption

** Affects: glance
     Importance: Undecided
         Status: New

** Tags: spec-lite

https://bugs.launchpad.net/bugs/1513973

Title:
  Add support for additional signature types

Status in Glance:
  New
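
The size argument in the report above, worked through as an added example (not part of the original report and not Glance code). It assumes the 255 limit applies to the base64 text of the signature; the key sizes surveyed are illustrative choices, and the function names are hypothetical.

```python
import math

LIMIT = 255  # signature length limit stated in the bug report


def der_len(content_len):
    """Total bytes for one DER element: tag + length header + content."""
    if content_len < 128:
        return 2 + content_len               # tag + short-form length byte
    n = (content_len.bit_length() + 7) // 8  # long form: 0x80|n, then n bytes
    return 2 + n + content_len


def max_rsa_sig(modulus_bits):
    """An RSA signature (PSS or PKCS1v15) is as long as the modulus."""
    return (modulus_bits + 7) // 8


def max_der_pair_sig(order_bits):
    """Worst-case DER SEQUENCE{INTEGER r, INTEGER s}, as used by DSA/ECDSA."""
    # r and s are below the group order. "// 8 + 1" covers the 0x00 sign pad
    # (order length a multiple of 8) and the partial top byte (otherwise).
    int_content = order_bits // 8 + 1
    return der_len(2 * der_len(int_content))


def b64_len(raw_len):
    """Length of padded base64 text for raw_len bytes (assumed encoding)."""
    return 4 * math.ceil(raw_len / 3)


def survey():
    """Return {name: (raw_bytes, base64_chars, fits_in_limit)}."""
    sizes = {
        "RSA-1024": max_rsa_sig(1024),
        "RSA-2048": max_rsa_sig(2048),
        "RSA-3072": max_rsa_sig(3072),
        "DSA-2048 (q=256)": max_der_pair_sig(256),
        "ECDSA P-256": max_der_pair_sig(256),
        "ECDSA P-384": max_der_pair_sig(384),
        "ECDSA P-521": max_der_pair_sig(521),
    }
    return {k: (v, b64_len(v), b64_len(v) <= LIMIT) for k, v in sizes.items()}


if __name__ == "__main__":
    for name, (raw, b64, ok) in survey().items():
        print(f"{name:18} raw={raw:4} base64={b64:4} fits={ok}")
```

Under this assumption every surveyed RSA key above 1024 bits overflows the limit, while DSA and all three elliptic-curve sizes stay under it.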

