From: Fabian Stelzer <fs@gigacodes.de>
To: Jonathan Tan <jonathantanmy@google.com>, gitgitgadget@gmail.com
Cc: git@vger.kernel.org, hanwen@google.com,
sandals@crustytoothpaste.net, rsbecker@nexbridge.com,
bagasdotme@gmail.com, hji@dyntopia.com, avarab@gmail.com,
felipe.contreras@gmail.com, sunshine@sunshineco.com,
gwymor@tilde.club
Subject: Re: [PATCH v6 5/9] ssh signing: parse ssh-keygen output and verify signatures
Date: Thu, 29 Jul 2021 15:52:40 +0200 [thread overview]
Message-ID: <76cc0f7d-90d9-18bf-e749-feff8e584453@gigacodes.de> (raw)
In-Reply-To: <d4bda019-bbea-6645-e46a-18a702d3f0ad@gigacodes.de>
On 29.07.21 11:48, Fabian Stelzer wrote:
> On 29.07.21 01:04, Jonathan Tan wrote:
>>> to verify a ssh signature we first call ssh-keygen -Y find-principal to
>>> look up the signing principal by their public key from the
>>> allowedSignersFile. If the key is found then we do a verify. Otherwise
>>> we only validate the signature but can not verify the signers identity.
>>
>> Is this the same behavior as GPG signing in Git?
>
> Not quite. GPG requires every signers public key to be in the keyring.
> But even then, the "UNDEFINED" Trust level is enough to be valid for
> commits (but not for merges).
> For SSH i did set the unknown keys to UNDEFINED as well and they will
> show up as valid but not have a principal to identify them.
> This way a project can decide wether to accept unknown keys by setting
> the gpg.mintrustlevel. So the default behaviour is different.
> The alternative would be to treat unknown keys always as invalid.
>
I thought a bit more about this and my approach is indeed problematic
especially when a repo has both gpg and ssh signatures. The trust level
setting can then not behave differently for both.
My intention of still showing valid but unknown signatures in the log as
ok (but unknown) was to encourage users to always sign their work even
if they are not (yet) trusted in the allowedSignersFile.
I think the way forward should be to treat unknown singing keys as not
verified like gpg does.
If a ssh key is verified and in the allowedSignersFile i would still set
its trust level to "FULLY".
next prev parent reply other threads:[~2021-07-29 13:52 UTC|newest]
Thread overview: 153+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 8:19 [PATCH] Add commit & tag signing/verification via SSH keys using ssh-keygen Fabian Stelzer via GitGitGadget
2021-07-06 10:07 ` Han-Wen Nienhuys
2021-07-06 11:23 ` Fabian Stelzer
2021-07-06 14:44 ` brian m. carlson
2021-07-06 15:33 ` Fabian Stelzer
2021-07-06 15:04 ` Junio C Hamano
2021-07-06 15:45 ` Fabian Stelzer
2021-07-06 17:55 ` Junio C Hamano
2021-07-06 19:39 ` Randall S. Becker
2021-07-07 6:26 ` Bagas Sanjaya
2021-07-07 8:48 ` Fabian Stelzer
2021-07-12 12:19 ` [PATCH v2] Add commit, tag & push " Fabian Stelzer via GitGitGadget
2021-07-12 16:55 ` Ævar Arnfjörð Bjarmason
2021-07-12 20:35 ` Fabian Stelzer
2021-07-12 21:16 ` Felipe Contreras
2021-07-14 12:10 ` [PATCH v3 0/9] RFC: Add commit & tag " Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 1/9] Add commit, tag & push signing via SSH keys Fabian Stelzer via GitGitGadget
2021-07-14 18:19 ` Junio C Hamano
2021-07-14 23:57 ` Eric Sunshine
2021-07-15 8:20 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 2/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-14 20:07 ` Junio C Hamano
2021-07-15 8:48 ` Fabian Stelzer
2021-07-15 10:43 ` Bagas Sanjaya
2021-07-15 16:29 ` Junio C Hamano
2021-07-14 12:10 ` [PATCH v3 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-14 20:20 ` Junio C Hamano
2021-07-15 7:49 ` Han-Wen Nienhuys
2021-07-15 8:06 ` Fabian Stelzer
2021-07-15 8:13 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 4/9] ssh signing: sign using either gpg or ssh keys Fabian Stelzer via GitGitGadget
2021-07-14 20:32 ` Junio C Hamano
2021-07-15 8:28 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 5/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 6/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-16 0:07 ` Gwyneth Morgan
2021-07-16 7:00 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 7/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 8/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 9/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-07-19 23:07 ` Junio C Hamano
2021-07-19 13:33 ` [PATCH v4 2/9] ssh signing: add ssh signature format and signing using ssh keys Fabian Stelzer via GitGitGadget
2021-07-19 23:53 ` Junio C Hamano
2021-07-20 12:26 ` Fabian Stelzer
2021-07-19 13:33 ` [PATCH v4 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 4/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 5/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 6/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 8/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 9/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-20 0:38 ` [PATCH v4 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Junio C Hamano
2021-07-27 13:15 ` [PATCH v5 " Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 2/9] ssh signing: add ssh signature format and signing using ssh keys Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 4/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 5/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 6/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 8/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 9/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-07-28 22:32 ` Jonathan Tan
2021-07-29 0:58 ` Junio C Hamano
2021-07-29 7:44 ` Fabian Stelzer
2021-07-29 8:43 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 2/9] ssh signing: add ssh signature format and signing using ssh keys Fabian Stelzer via GitGitGadget
2021-07-28 22:45 ` Jonathan Tan
2021-07-29 1:01 ` Junio C Hamano
2021-07-29 11:01 ` Fabian Stelzer
2021-07-29 19:09 ` Josh Steadmon
2021-07-29 21:25 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-28 21:29 ` Junio C Hamano
2021-07-28 22:48 ` Jonathan Tan
2021-07-29 8:59 ` Fabian Stelzer
2021-07-29 19:09 ` Josh Steadmon
2021-07-29 19:56 ` Junio C Hamano
2021-07-29 21:21 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 4/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-28 21:34 ` Junio C Hamano
2021-07-29 8:21 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 5/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-28 21:55 ` Junio C Hamano
2021-07-29 9:12 ` Fabian Stelzer
2021-07-29 20:43 ` Junio C Hamano
2021-07-28 23:04 ` Jonathan Tan
2021-07-29 9:48 ` Fabian Stelzer
2021-07-29 13:52 ` Fabian Stelzer [this message]
2021-08-03 7:43 ` Fabian Stelzer
2021-08-03 9:33 ` Fabian Stelzer
2021-07-29 20:46 ` Junio C Hamano
2021-07-29 21:01 ` Randall S. Becker
2021-07-29 21:12 ` Fabian Stelzer
2021-07-29 21:25 ` Randall S. Becker
2021-07-29 21:28 ` Fabian Stelzer
2021-07-29 22:28 ` Randall S. Becker
2021-07-30 8:17 ` Fabian Stelzer
2021-07-30 14:26 ` Randall S. Becker
2021-07-30 14:32 ` Fabian Stelzer
2021-07-30 15:05 ` Randall S. Becker
2021-07-28 19:36 ` [PATCH v6 6/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-29 19:09 ` Josh Steadmon
2021-07-29 19:57 ` Junio C Hamano
2021-07-30 7:32 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 8/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 9/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-29 8:19 ` [PATCH v6 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Bagas Sanjaya
2021-07-29 11:03 ` Fabian Stelzer
2021-08-03 13:45 ` [PATCH v7 " Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 2/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 3/9] ssh signing: add ssh key format and signing code Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 4/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 5/9] ssh signing: provide a textual signing_key_id Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 6/9] ssh signing: verify signatures using ssh-keygen Fabian Stelzer via GitGitGadget
2021-08-03 23:47 ` Junio C Hamano
2021-08-04 9:01 ` Fabian Stelzer
2021-08-04 17:32 ` Junio C Hamano
2021-08-03 13:45 ` [PATCH v7 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 8/9] ssh signing: tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 9/9] ssh signing: test that gpg fails for unkown keys Fabian Stelzer via GitGitGadget
2021-08-29 22:15 ` [PATCH v7 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Junio C Hamano
2021-08-29 23:56 ` Gwyneth Morgan
2021-08-30 10:35 ` Fabian Stelzer
2021-09-07 17:35 ` Junio C Hamano
2021-09-10 8:03 ` Fabian Stelzer
2021-09-10 18:44 ` Junio C Hamano
2021-09-10 19:49 ` Fabian Stelzer
2021-09-10 20:20 ` Carlo Arenas
2021-09-10 20:07 ` [PATCH v8 " Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 2/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 3/9] ssh signing: add ssh key format and signing code Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 4/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 5/9] ssh signing: provide a textual signing_key_id Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 6/9] ssh signing: verify signatures using ssh-keygen Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 8/9] ssh signing: tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 9/9] ssh signing: test that gpg fails for unknown keys Fabian Stelzer via GitGitGadget
2021-12-22 3:18 ` t7510-signed-commit.sh hangs on old gpg, regression in 1bfb57f642d (was: [PATCH v8 9/9] ssh signing: test that gpg fails for unknown keys) Ævar Arnfjörð Bjarmason
2021-12-22 10:13 ` Fabian Stelzer
2021-12-22 15:58 ` brian m. carlson
2021-12-26 22:53 ` Ævar Arnfjörð Bjarmason
2021-12-30 11:10 ` Fabian Stelzer
2021-09-10 20:23 ` [PATCH v8 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Junio C Hamano
2021-09-10 20:48 ` Fabian Stelzer
2021-09-10 21:01 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=76cc0f7d-90d9-18bf-e749-feff8e584453@gigacodes.de \
--to=fs@gigacodes.de \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=felipe.contreras@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=gwymor@tilde.club \
--cc=hanwen@google.com \
--cc=hji@dyntopia.com \
--cc=jonathantanmy@google.com \
--cc=rsbecker@nexbridge.com \
--cc=sandals@crustytoothpaste.net \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).