Re: [Monotone-devel] Monotone Security

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Monotone Security

From:	Daniel Carrera
Subject:	Re: [Monotone-devel] Monotone Security
Date:	Thu, 16 Oct 2008 17:28:13 +0200
User-agent:	Thunderbird 2.0.0.17 (Macintosh/20080914)

Peter Stirling wrote:

The problem is that if you have the old key available to you, then youcan create revisions that will pass your test for 'earlier than <date>',
regardless of when they were actually signed.

Monotone lets you do that? I mean, I know that if you have shell accessto the database you can use sqlite to insert whatever you want, and thepaper already warns about shell access. But assuming that we are onnetsync, will Monotone allow you to sign a binary and claim a date thatis in the past?

Regardless of whether this stops the DOS attack or not, I think that itis important that the dates on the certificates be trustworthy.


In any case, I think that you proposed a more workable solution than mine:

The problem is probably not quite as dire as I originally thought.
Revisions include the hash of the parent revision so the DAG can't bespoofed (if I understand the mechanism correctly), so you only need
to examine revisions chains that are at the head of a branch
that are signed by the 'evil' key.
If you start from the last revision signed by a 'good' key you canassign someone to look at each child revision in turn, to see if it
should be kept. Once you find a bad revision, it, and all its children
can be kill_revision_locally'd by a script.

Yeah. This should work. You might have to do it for every head, but themain point is that you can do it - you don't have to cancel the project.Find the most recent revision date-stamped with a good key which isdated before the key compromise happened. Then kill every descendant ofthat revision. Repeat for every head.

With 10,000,000 bogus branch heads you might be forced to simply delete(recursively) every revision signed by the key that is at the head of a
branch (though this would risk losing useful stuff).


Slight modification:

foreach (head) {
    if (head is signed with bad key) {
        1. find the first ancestor revision of that head that is
        signed by a good key.
        2. delete every descendant of that revision.
    }
}



Daniel.

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/14
- Re: [Monotone-devel] Monotone Security, Timothy Brownawell, 2008/10/14
  - Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/15
    - Re: [Monotone-devel] Monotone Security, Peter Stirling, 2008/10/15
    - Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/15
    - Message not available
    - Message not available
    - Re: [Monotone-devel] Monotone Security, Peter Stirling, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Daniel Carrera <=
    - Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Jack Lloyd, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Jack Lloyd, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Nathaniel Smith, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Thomas Keller, 2008/10/17
    - Re: [Monotone-devel] Monotone Security, Zack Weinberg, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
    - Re: [Monotone-devel] Monotone Security, Ethan Blanton, 2008/10/16

Prev by Date: Re: [Monotone-devel] Monotone Security
Next by Date: Re: [Monotone-devel] Monotone Security
Previous by thread: Re: [Monotone-devel] Monotone Security
Next by thread: Re: [Monotone-devel] Monotone Security
Index(es):
- Date
- Thread