Daniel P. Berrangé wrote:
On Thu, Aug 08, 2019 at 04:17:07PM +0200, Björn Persson wrote:
> Do you know of any project that signs releases with Minisign? I've
> never seen one.
See the "Software projects signed with Ed25519" section in this:
https://ianix.com/pub/ed25519-deployment.html
In that list I find five things that are packaged in Fedora:
· Minisign itself: Precompiled binary packages are signed, but not the
source code apparently.
· Sodium: There are both Minisign signatures and OpenPGP signatures.
· dnscrypt-proxy: Again, precompiled binary packages are signed, but
not the source code.
· Radare2: I can't find any signatures.
· OpenSMTPD: Signify signatures found.
So that's at least two packages that could start verifying signatures,
one of which can't be verified with GnuPG. At least it wouldn't be
entirely pointless to write Minisign into the guidelines.
IIUC, the key thing that makes signify/minisign a sound design are
that
they target a very narrow use case, offering just a single way to do
things, using current best practice algorithms. This immediately
eliminates a huge pile of historical baggage and complexity that you
get in PGP impls, which have been a reliable source of security problems.
It makes it easier for users to do the right thing when runnig the tools
as there's much lower risk of picking bad uninformed options.
That's great and all, but have there been any serious attempts to trick
Minisign or Signify into accepting a fake signature, by people who are
experienced in such attacks?
Cryptography is tricky stuff. It's very easy to overlook some detail.
Users should be wary of homegrown protocols that haven't been rigorously
analyzed.
Björn Persson