Bastian Blank <wa...@debian.org> writes:

> On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote:
>> On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote:
>> > As others have said, the best solution is to rely on HSW for handling
>> > the cryptographic material.
>> Aren't these answers to different questions?
>> Not all attacks are about stealing the key or using it to sign unintended
>> things.
>
> Also a HSM does only allow to control access to the cryptographic
> material. But it asserts no control over what is actually signed.

Transparency techniques are better suited to solve that problem: make sure that you don't trust a signature before verifying that the signature was publicly logged together with its artifacts, so that they can be independently audited and analyzed eventually. Preferably even verify that the package artifacts build reproducibly, but that takes more resources. Right now Debian trusts signatures at face value which is fragile. The WebPKI world -- which is populated by untrustworthy private key signers -- has moved in that direction, and it does improve things.

/Simon