[Catalog-sig] [DRAFT] Proposal for fixing PyPI/pip security

Nick Coghlan ncoghlan at gmail.com
Sun Feb 10 14:43:03 CET 2013


On Sun, Feb 10, 2013 at 11:30 PM, Giovanni Bajo <rasky at develer.com> wrote:
> This is by far the biggest problem to be solved, and my document brings a proposal here. It would be great if the TUF guys reviewed it.

Ensuring we fully address the problems that are addressed by TUF is
more important than the question of whether or not we use the TUF
software itself. However, the concern I have with your proposal is
that I saw zero information regarding how it deals with attackers
supplying old versions of software, or, indeed, any description of the
threat model at all. The parts of your proposal that I believe need to
be closely reviewed are:
- GPG vs PKCS#1
- your custom trust model vs TUF target delegation
- any threats that TUF covers and your proposal does not

As far as the involvement TUF has had with other projects goes, I
suspect this paper is at the heart of it:
http://freehaven.net/~arma/tuf-ccs2010.pdf

You may be right that those other projects addressed their issues by
fixing the schemes they already had, rather than adopting TUF
directly. We're in a somewhat different situation to those projects
though, since we don't currently have an end-to-end integrity checking
scheme at all.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
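The rollback and freshness checks Nick asks about, as an added illustration that is not code from this thread, the draft proposal, or TUF itself: the client remembers the highest metadata version it has previously accepted, refuses any validly signed snapshot whose version is lower or whose expiry has passed, and only then checks the package against the listed hash and length. The HMAC "signature", key, package bytes and dates are constructed stand-ins for a real asymmetric signature and real repository metadata.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key: stands in for the repository's signing key. A real
# scheme would use an asymmetric signature (e.g. Ed25519), not a shared HMAC key.
DEMO_KEY = b"constructed-demo-key"

def _body(metadata: dict) -> bytes:
    # Canonical serialization so signer and verifier hash identical bytes.
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()

def sign_metadata(metadata: dict) -> dict:
    sig = hmac.new(DEMO_KEY, _body(metadata), hashlib.sha256).hexdigest()
    return {"signed": metadata, "sig": sig}

def verify_download(envelope: dict, trusted_version: int, now: datetime,
                    target_name: str, target_bytes: bytes):
    """Return (ok, reason). trusted_version is the highest metadata version this
    client accepted before; it must be persisted across runs or rollback is undetectable."""
    meta = envelope["signed"]
    expected = hmac.new(DEMO_KEY, _body(meta), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope.get("sig", "")):
        return False, "signature"
    # Rollback check: an older snapshot with a valid signature must still be refused.
    if meta["version"] < trusted_version:
        return False, "rollback"
    # Freshness check: a stale snapshot silently withholds security updates.
    if now >= datetime.fromisoformat(meta["expires"]):
        return False, "expired"
    entry = meta["targets"].get(target_name)
    if entry is None:
        return False, "unknown-target"
    if len(target_bytes) != entry["length"]:
        return False, "length"
    if hashlib.sha256(target_bytes).hexdigest() != entry["sha256"]:
        return False, "hash"
    return True, "ok"

# Constructed sample data: one package listed in snapshot v2, nothing in v1.
PACKAGE = b"constructed package bytes"
EXPIRES = "2014-01-01T00:00:00+00:00"
SNAPSHOT_V2 = sign_metadata({"version": 2, "expires": EXPIRES, "targets": {
    "pkg-1.0.tar.gz": {"length": len(PACKAGE),
                       "sha256": hashlib.sha256(PACKAGE).hexdigest()}}})
SNAPSHOT_V1 = sign_metadata({"version": 1, "expires": EXPIRES, "targets": {}})
NOW = datetime(2013, 2, 10, tzinfo=timezone.utc)
LATER = datetime(2015, 1, 1, tzinfo=timezone.utc)
```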

