Re: Attestation signatures in a separate ref

[Eric Wong <e@yhbt.net>]

Konstantin Ryabitsev <konstantin@linuxfoundation.org> wrote:
> Hello:
> 
> While I was working on the minimalist feed stuff [1], it occurred to me 

[1] being:
https://public-inbox.org/meta/20200121222924.ioz5ve2sg65zcuoy@chatter.i7.local/

> that even though we may sign each commit, someone would still need to 
> clone the entire repository to perform verification. What if instead of 
> (or in addition to ) signing each commit in master, we have a separate ref
> containing just PGP-signed metadata of each message.

Seems like it could work if the indexer could be made to pick
the signature blob out quickly by Message-ID w/o having to
scan the full history.

One advantage this has is a developer could perform the
signature after-the-fact on a secure machine; while initially
developing and sending patches from a machine they don't trust.

> refs/heads/master:m
>   From: Foo Foo <foo@example.com>
>   To: linux-kernel@vger.kernel.org
>   Message-Id: <git-foo-bar@foo-bar.local>
>   Date: Fri, 7 Feb 2020 13:43:34 -0500
>   Subject: [PATCH] add foo to bar
> 
>   We need bar in foo!
> 
>   Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
>   ---
>    foo | 1 +
>    1 file changed, 1 insertion(+)
> 
>   diff --git a/foo b/foo
>   index 257cc56..3bd1f0e 100644
>   --- a/foo
>   +++ b/foo
>   @@ -1 +1,2 @@
>    foo
>   +bar
>   --
>   2.24.1
> 
> refs/heads/mailinfo:m
>   -----BEGIN PGP SIGNED MESSAGE-----
>   Hash: SHA256
> 
>   Message-Id: git-foo-bar@foo-bar.local
>   Full-SHA256: 2da2c0088c380f4cc5bf7bfdc75cb02b67ff806b712c42ea325ca33dffa57a7f
>   Message-SHA256: 31838769c24277114191c9595fe5ffc619a22f892a23c6812d090d2cac13e1dc
>   Patch-SHA256: 3ea940267d098d3e4d87d5475403197006956ea9fcbb9d84f37aa804c6cd8943
>   -----BEGIN PGP SIGNATURE-----
> 
>   iHUEARYIAB0WIQR2vl2yUnHhSB5njDW2xBzjVmSZbAUCXj22ZAAKCRC2xBzjVmSZ
>   ....
>   0SJaB7csojQUzZBzX1Ntx9F+OzNy8gY=
>   =lvaU
>   -----END PGP SIGNATURE-----
> 
> Full-SHA256 contains verbatim contents of master:m, while 
> Message/Patch-SHA256 contains the "msg" and "patch" output of "git 
> mailinfo". Separating it this way would allow someone to verify the 
> contents of a message even if it has been modified to remove headers or 
> mime-parts, e.g. for the purposes of creating a "git am" friendly mbox 
> file.

I'm not sure if Full-SHA256 is worthwhile.  Message-SHA256 could
include From/Date/Subject (e.g. the stdout of git-mailinfo) and
that'd be all the info necessary.

If anything, the git blob OID should be there instead of
Full-SHA256.  Having the git blob OID would make verifying the
full history of signatures possible w/o having to build a
Message-ID-based indexer (but they'd still need a full clone).

> The alternative is making these notes on the commits, but I believe that 
> has important scaling impacts.

git's also looking to get reftable support to make notes more
scalable, but a bunch of similar proposals haven't worked out
over the years, so far...  But notes would also interact badly
with -edit and -purge rewriting history.

> What do you think?

Seems doable, but then again hardly any kernel developers sign
stuff.  Maybe improving UI/UX can change that, I don't know...