From: Eric Wong <firstname.lastname@example.org>
To: Konstantin Ryabitsev <email@example.com>
Cc: firstname.lastname@example.org
Subject: Re: Attestation signatures in a separate ref
Date: Fri, 7 Feb 2020 18:49:19 -0600
Message-ID: <20200208004919.GA4607@dcvr>
In-Reply-To: <email@example.com>

Konstantin Ryabitsev <firstname.lastname@example.org> wrote:
> Hello:
>
> While I was working on the minimalist feed stuff, it occurred to me

being: https://email@example.com/

> that even though we may sign each commit, someone would still need to
> clone the entire repository to perform verification. What if instead of
> (or in addition to) signing each commit in master, we have a separate ref
> containing just PGP-signed metadata of each message.

Seems like it could work if the indexer could be made to pick the
signature blob out quickly by Message-ID w/o having to scan the
full history.

One advantage this has is a developer could perform the
signature after-the-fact on a secure machine; while initially
developing and sending patches from a machine they don't trust.

> refs/heads/master:m
> From: Foo Foo <firstname.lastname@example.org>
> To: email@example.com
> Message-Id: <firstname.lastname@example.org>
> Date: Fri, 7 Feb 2020 13:43:34 -0500
> Subject: [PATCH] add foo to bar
>
> We need bar in foo!
>
> Signed-off-by: Konstantin Ryabitsev <email@example.com>
> ---
> foo | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/foo b/foo
> index 257cc56..3bd1f0e 100644
> --- a/foo
> +++ b/foo
> @@ -1 +1,2 @@
> foo
> +bar
> --
> 2.24.1
>
> refs/heads/mailinfo:m
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Message-Id: firstname.lastname@example.org
> Full-SHA256: 2da2c0088c380f4cc5bf7bfdc75cb02b67ff806b712c42ea325ca33dffa57a7f
> Message-SHA256: 31838769c24277114191c9595fe5ffc619a22f892a23c6812d090d2cac13e1dc
> Patch-SHA256: 3ea940267d098d3e4d87d5475403197006956ea9fcbb9d84f37aa804c6cd8943
> -----BEGIN PGP SIGNATURE-----
>
> iHUEARYIAB0WIQR2vl2yUnHhSB5njDW2xBzjVmSZbAUCXj22ZAAKCRC2xBzjVmSZ
> ....
> 0SJaB7csojQUzZBzX1Ntx9F+OzNy8gY=
> =lvaU
> -----END PGP SIGNATURE-----
>
> Full-SHA256 contains verbatim contents of master:m, while
> Message/Patch-SHA256 contains the "msg" and "patch" output of "git
> mailinfo". Separating it this way would allow someone to verify the
> contents of a message even if it has been modified to remove headers or
> mime-parts, e.g. for the purposes of creating a "git am" friendly mbox
> file.

I'm not sure if Full-SHA256 is worthwhile. Message-SHA256 could
include From/Date/Subject (e.g. the stdout of git-mailinfo) and
that'd be all the info necessary.

If anything, the git blob OID should be there instead of
Full-SHA256. Having the git blob OID would make verifying the
full history of signatures possible w/o having to build a
Message-ID-based indexer (but they'd still need a full clone).

> The alternative is making these notes on the commits, but I believe that
> has important scaling impacts.

git's also looking to get reftable support to make notes more
scalable, but a bunch of similar proposals haven't worked out
over the years, so far...

But notes would also interact badly with -edit and -purge
rewriting history.

> What do you think?

Seems doable, but then again hardly any kernel developers sign
stuff. Maybe improving UI/UX can change that, I don't know...
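
Added example, not code from either poster or from public-inbox: a sketch of building and checking the per-message record discussed in this thread, showing that a mail with a header stripped fails Full-SHA256 but still verifies on its Message/Patch hashes. Assumptions: the PGP signature on the record has already been verified, MSG and PATCH are constructed stand-ins for the "msg" and "patch" output of git mailinfo, and "Blob-OID" is a hypothetical field name for the git blob OID suggested in the reply.

```python
import hashlib
import hmac

# Record field -> which part of the mail it covers (names from the proposal).
FIELDS = {"Full-SHA256": "full", "Message-SHA256": "msg", "Patch-SHA256": "patch"}

def git_blob_oid(data: bytes) -> str:
    """SHA-1 object id git assigns to a blob holding `data`."""
    return hashlib.sha1(b"blob %d\0" % len(data) + data).hexdigest()

def make_record(message_id: str, full: bytes, msg: bytes, patch: bytes) -> str:
    """Build the cleartext body that would then be PGP-signed."""
    parts = {"full": full, "msg": msg, "patch": patch}
    lines = ["Message-Id: " + message_id]
    for name, key in FIELDS.items():
        lines.append(f"{name}: {hashlib.sha256(parts[key]).hexdigest()}")
    # "Blob-OID" is a hypothetical field name (assumption, not from the thread).
    lines.append("Blob-OID: " + git_blob_oid(full))
    return "\n".join(lines) + "\n"

def parse_record(text: str) -> dict:
    """Parse 'Name: value' lines of an already signature-checked record."""
    rec = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            rec[name.strip()] = value.strip()
    return rec

def verify(record_text: str, **parts: bytes) -> dict:
    """Compare each supplied part (full=, msg=, patch=) with the record.
    Parts not supplied are skipped, so a stripped mbox can still be
    checked on its mailinfo msg/patch output alone."""
    rec = parse_record(record_text)
    results = {}
    for name, key in FIELDS.items():
        if key in parts:
            digest = hashlib.sha256(parts[key]).hexdigest()
            results[name] = hmac.compare_digest(digest, rec.get(name, ""))
    return results

# Constructed sample data; MSG and PATCH stand in for `git mailinfo` output.
FULL = b"From: a@example.org\nX-Extra: 1\nSubject: [PATCH] add foo to bar\n\nWe need bar in foo!\n---\n+bar\n"
MSG = b"We need bar in foo!\n"
PATCH = b"---\n+bar\n"
RECORD = make_record("<constructed-id@example.org>", FULL, MSG, PATCH)
STRIPPED = FULL.replace(b"X-Extra: 1\n", b"")  # header removed downstream

if __name__ == "__main__":
    print(verify(RECORD, full=STRIPPED, msg=MSG, patch=PATCH))
```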