[Nix-dev] Authenticating binary substitutes
Ludovic Courtès
ludo at gnu.org
Wed May 22 23:48:12 CEST 2013
Eelco Dolstra <eelco.dolstra at logicblox.com> wrote:
> On 22/05/13 16:16, Ludovic Courtès wrote:
>
>> I think it’s enough to sign nars. What do you think it would add to
>> sign narinfos as well?
>
> I think it's enough to sign the narinfo, since it contains the hash of the NAR
> (which Nix already verifies).
Right.
> Also, rather than having a separate .sig file, the signature could be stored in
> the narinfo file itself. That would halve the number of HTTP requests.
Well, the .sig only needs to be downloaded when the user actually
substitutes something; this is not a situation where it would really
make a difference.
Also, how would the signature be formatted, then?
> On 22/05/13 15:19, Lluís Batlle i Rossell wrote:
>
>>> How about: rather than relying on nix-cache-info, nix.conf should specify a list
>>> of fingerprints of trusted OpenPGP signing keys. Then when we fetch a .narinfo,
>>> we check whether it is signed by a trusted key. This way you don't have the
>>> problem Lluís described.
>>
>> Well, if we use gpg, gpg has its own system of trust, too. Or it's about not
>> using gpg?
>
> Now that you mention it, it would probably be better to use OpenSSL than GnuPG,
> given that we already have an (optional) dependency on OpenSSL, while GnuPG would
> be a fairly big new dependency.
I was mentioning OpenPGP (the spec), not GnuPG (an implementation).
What format and model do you have in mind?
The ideal may be SPKI/SDSI here, but OpenPGP is what people are used to,
and it’s readily available.
Ludo’.
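As an added illustration of the chain Eelco describes (verify a signature over the narinfo first, then let the NarHash it carries check the NAR) together with the nix.conf list of trusted fingerprints, here is example code that is neither from this thread nor from Nix. It uses Ed25519 from Go's standard library in place of OpenPGP/OpenSSL, and the "Sig:" line layout, hex-encoded hashes and fingerprint scheme are assumptions, not Nix's real format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strings"
)

// Fingerprint is hex(sha256(public key)): what a user would list in nix.conf (assumed layout).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// SignNarinfo appends "Sig: <fingerprint>:<hex signature>"; the signature covers every other line.
func SignNarinfo(body string, priv ed25519.PrivateKey) string {
	sig := ed25519.Sign(priv, []byte(body))
	return body + "Sig: " + Fingerprint(priv.Public().(ed25519.PublicKey)) + ":" + hex.EncodeToString(sig) + "\n"
}

// VerifySubstitute is the two-step check from the thread: (1) the narinfo must carry a valid
// signature from a trusted fingerprint; only then (2) the NAR must hash to the signed NarHash.
func VerifySubstitute(narinfo string, nar []byte, trusted map[string]ed25519.PublicKey) error {
	var signed strings.Builder // exactly the bytes the signature covers
	fields := map[string]string{}
	for _, line := range strings.Split(strings.TrimSuffix(narinfo, "\n"), "\n") {
		k, v, ok := strings.Cut(line, ": ")
		if !ok {
			return errors.New("malformed narinfo line: " + line)
		}
		fields[k] = v
		if k != "Sig" {
			signed.WriteString(line + "\n")
		}
	}
	fp, sigHex, _ := strings.Cut(fields["Sig"], ":")
	pub, known := trusted[fp]
	sig, err := hex.DecodeString(sigHex)
	if !known || err != nil || !ed25519.Verify(pub, []byte(signed.String()), sig) {
		return errors.New("narinfo signature missing, invalid, or from an untrusted key")
	}
	sum := sha256.Sum256(nar) // hex here; Nix itself encodes NarHash in its own base-32 form
	if fields["NarHash"] != "sha256:"+hex.EncodeToString(sum[:]) {
		return errors.New("NAR does not match the NarHash in the signed narinfo")
	}
	return nil
}
```

A narinfo edited after signing, a NAR that differs from the signed NarHash, and a signature from a key not in the trusted map are all rejected, while the fingerprint list alone decides trust, with no separate web of trust involved.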