From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 9A29D1F5A2; Sat, 8 Feb 2020 00:49:19 +0000 (UTC) Date: Fri, 7 Feb 2020 18:49:19 -0600 From: Eric Wong To: Konstantin Ryabitsev Cc: meta@public-inbox.org Subject: Re: Attestation signatures in a separate ref Message-ID: <20200208004919.GA4607@dcvr> References: <20200207194841.yzd3oziv34vooiq5@chatter.i7.local> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200207194841.yzd3oziv34vooiq5@chatter.i7.local> List-Id: Konstantin Ryabitsev wrote: > Hello: > > While I was working on the minimalist feed stuff [1], it occurred to me [1] being: https://public-inbox.org/meta/20200121222924.ioz5ve2sg65zcuoy@chatter.i7.local/ > that even though we may sign each commit, someone would still need to > clone the entire repository to perform verification. What if instead of > (or in addition to ) signing each commit in master, we have a separate ref > containing just PGP-signed metadata of each message. Seems like it could work if the indexer could be made to pick the signature blob out quickly by Message-ID w/o having to scan the full history. One advantage this has is a developer could perform the signature after-the-fact on a secure machine; while initially developing and sending patches from a machine they don't trust. > refs/heads/master:m > From: Foo Foo > To: linux-kernel@vger.kernel.org > Message-Id: > Date: Fri, 7 Feb 2020 13:43:34 -0500 > Subject: [PATCH] add foo to bar > > We need bar in foo! > > Signed-off-by: Konstantin Ryabitsev > --- > foo | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/foo b/foo > index 257cc56..3bd1f0e 100644 > --- a/foo > +++ b/foo > @@ -1 +1,2 @@ > foo > +bar > -- > 2.24.1 > > refs/heads/mailinfo:m > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Message-Id: git-foo-bar@foo-bar.local > Full-SHA256: 2da2c0088c380f4cc5bf7bfdc75cb02b67ff806b712c42ea325ca33dffa57a7f > Message-SHA256: 31838769c24277114191c9595fe5ffc619a22f892a23c6812d090d2cac13e1dc > Patch-SHA256: 3ea940267d098d3e4d87d5475403197006956ea9fcbb9d84f37aa804c6cd8943 > -----BEGIN PGP SIGNATURE----- > > iHUEARYIAB0WIQR2vl2yUnHhSB5njDW2xBzjVmSZbAUCXj22ZAAKCRC2xBzjVmSZ > .... > 0SJaB7csojQUzZBzX1Ntx9F+OzNy8gY= > =lvaU > -----END PGP SIGNATURE----- > > Full-SHA256 contains verbatim contents of master:m, while > Message/Patch-SHA256 contains the "msg" and "patch" output of "git > mailinfo". Separating it this way would allow someone to verify the > contents of a message even if it has been modified to remove headers or > mime-parts, e.g. for the purposes of creating a "git am" friendly mbox > file. I'm not sure if Full-SHA256 is worthwhile. Message-SHA256 could include From/Date/Subject (e.g. the stdout of git-mailinfo) and that'd be all the info necessary. If anything, the git blob OID should be there instead of Full-SHA256. Having the git blob OID would make verifying the full history of signatures possible w/o having to build a Message-ID-based indexer (but they'd still need a full clone). > The alternative is making these notes on the commits, but I believe that > has important scaling impacts. git's also looking to get reftable support to make notes more scalable, but a bunch of similar proposals haven't worked out over the years, so far... But notes would also interact badly with -edit and -purge rewriting history. > What do you think? Seems doable, but then again hardly any kernel developers sign stuff. Maybe improving UI/UX can change that, I don't know...