Hello Eric,

On Sun, Oct 22, 2017 at 06:14:40PM -0400, Eric McCorkle wrote:
> The following is a write-up of my current design for a public-key trust
> system:
> 
> https://www.metricspace.net/files/freebsd_trust.pdf

Two minor things while reading:
 1. p2: from an end-user perspective, `trustctl` expects DER-encoded
    certificates and CRLs, while `certs` and `rootcerts` output PEM-encoded
    certificates…  So the formats are not the same, and maybe consistency
    would be advisable here;
 2. p3: 'the preferred configuration' is said to be the most used one,
    but as described it only includes a single crt+key and does not look
    suitable for distributing upgrades with freebsd-update(8).
    Unless I missed something, I guess it's just the way it is described
    that needs disambiguation:
    - "local nodes" are basically what is described as "Preferred
      configuration", and have a single key+crt.
      So these nodes can only run the code they signed.
    - "high-security institutions" are kept as is, that is a single crt;
      So these nodes can only run code signed by the institution.

    Hybrid systems can be built by having more than one root node:
    - "preferred configuration" have a local key+crt (as a local node)
      AND the FreeBSD project's crt.
      So these nodes can run FreeBSD's code and their own code.
    - "standard FreeBSD images" as described have the FreeBSD project's
      crt. When installing, they generate a local key+crt and add them
      with the FreeBSD crt to the new system's trust store.  So these
      images have the "high-security institutions" scheme, and install
      systems in the "preferred configuration" scheme.

Thanks!
Romain

-- 
Romain Tartière <rom...@freebsd.org>  http://people.FreeBSD.org/~romain/
pgp: 8234 9A78 E7C0 B807 0B59  80FF BA4D 1D95 5112 336F (ID: 0x5112336F)
(plain text =non-HTML= PGP/GPG encrypted/signed e-mail much appreciated)

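The three trust-store schemes Romain describes (local-only, institution-only, hybrid) and the PEM/DER mismatch from point 1, modelled with openssl(1) as an added example. This is not code from the write-up, from `trustctl`, or from the FreeBSD project: the roots, the payload and the store layout (a directory of certificates, a payload accepted when its detached signature verifies under any certificate's public key) are constructed here, and the only assumption is that openssl(1) is in PATH.

```shell
#!/bin/sh
# Added example, not FreeBSD's trust-system code.  Assumption: openssl(1) in PATH.
# A "trust store" is a directory of certificates (PEM or DER); a payload is
# accepted when its detached signature verifies under any cert's public key.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_root NAME: constructed self-signed root (NAME.crt in PEM) and key (NAME.key).
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# sign_as NAME FILE: detached SHA-256/RSA signature of FILE, written to FILE.NAME.sig
sign_as() {
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.$1.sig" "$2"
}

# pubkey_of CRT: public key of a certificate in either PEM or DER encoding,
# so a store filled by a DER-expecting tool and by a PEM-emitting one both work.
pubkey_of() {
    openssl x509 -in "$1" -inform PEM -pubkey -noout 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -pubkey -noout
}

# verify_in STORE FILE SIG: exit 0 iff SIG verifies under some cert in STORE/*.crt
verify_in() {
    for crt in "$1"/*.crt; do
        [ -e "$crt" ] || continue
        pubkey_of "$crt" > "$WORK/tmp.pub"
        if openssl dgst -sha256 -verify "$WORK/tmp.pub" -signature "$3" "$2" \
               >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

# accepts STORE FILE SIG: prints "accepted" or "rejected"
accepts() { if verify_in "$@"; then echo accepted; else echo rejected; fi; }

# Three constructed roots: the local node, the FreeBSD project, and a stranger.
for n in local freebsd other; do make_root "$n"; done

# The three stores from the message.  The hybrid store holds the project cert
# as DER and the local cert as PEM, mirroring the trustctl/certs mismatch.
mkdir -p "$WORK/store.local" "$WORK/store.institution" "$WORK/store.hybrid"
cp "$WORK/local.crt"   "$WORK/store.local/"
cp "$WORK/freebsd.crt" "$WORK/store.institution/"
cp "$WORK/local.crt"   "$WORK/store.hybrid/"
openssl x509 -in "$WORK/freebsd.crt" -outform DER -out "$WORK/store.hybrid/freebsd.crt"

# A constructed payload standing in for a kernel module, signed by each root.
KO="$WORK/module.ko"
printf 'constructed payload\n' > "$KO"
for n in local freebsd other; do sign_as "$n" "$KO"; done

for store in local institution hybrid; do
    printf '%-12s' "$store:"
    for signer in local freebsd other; do
        printf ' %s=%s' "$signer" "$(accepts "$WORK/store.$store" "$KO" "$KO.$signer.sig")"
    done
    echo
done
```

The local-only store accepts only locally signed code, the institution store only project-signed code, and the hybrid store both, while the stranger's signature is rejected everywhere; the DER copy of the project certificate in the hybrid store is handled by the PEM-then-DER fallback in `pubkey_of`.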