[Rpm-maint] [rpm-software-management/rpm] Phasing out obsolete crypto in rpm (#1292)
Demi Marie Obenour
notifications at github.com
Sat Dec 26 03:49:38 UTC 2020
> > > Besides the currently obsolete things, new things need to be built with the mindset that all crypto _will_ become obsolete over time, and avoid putting it into new places where it only gets in our way eventually.
> >
> >
> > I suggest avoiding algorithm agility as much as possible. It is great in theory, but in practice, it leads to a bunch of extra complexity, which in turn causes exploitable vulnerabilities. The current header parsing code is already _far_ too complex.
> > Instead, choose _one_ ― and only one ― set of algorithms. Drop support for all the others. And change the file version number when an algorithm change is needed. That’s what signify, age, WireGuard, and most other new cryptographic protocols do.
>
> This would be a pretty bad idea for any archive format. That would mean we'd be making incompatible revisions of RPM very frequently, which would cause a whole host of problems as things move forward. Algorithm agility is the _only_ reason that new algorithms are easily adopted _at all_. If you decide to make algorithm selection part of the protocol/file format itself, you wind up with a different trap: the inability to upgrade. I think we can all agree that is a much worse outcome.
That’s understandable, and something I had not considered. Much of the complexity of the current format is not actually due to algorithm agility.
That said, versioned protocols do not prevent backwards compatibility. For example, v1 of a file format might use RSA signatures, v2 Ed25519, and v3 a hybrid of Ed25519 and CRYSTALS-KYBER (a post-quantum scheme). An implementation can support more than one version.
> Your examples are also sufficiently immature that there is no way that any of them have seen the consequences of those choices. WireGuard itself was only mainlined fairly recently, and has no current plan for dealing with the inevitable issue of cross-version (thus incompatible) client and server mixes existing in production. As for signify and age, any project from OpenBSD winds up being problematic because longevity, compatibility, and accessibility are not virtues held by the OpenBSD project.
I suspect that the upgrade plan is to run both v1 and v2 services for a while, and eventually stop the v1 service.
> It is important to recognize that security enhancements need to be balanced with usability and accessibility, otherwise nobody will use either for long. RPM has also been around for 25 years, and until _very_ recently, all RPMs produced in that timeframe were still accessible by the latest version of RPM.
That’s understandable.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1292#issuecomment-751315070
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20201225/7aa09070/attachment.html>
More information about the Rpm-maint
mailing list