Re: Landing a larger-than-release change (distrusting SHA-1 signatures)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2022-03-08 at 20:51 +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Tue, Mar 08, 2022 at 07:40:15PM +0100, Alexander Sosedkin wrote:
> > the only realistic way to weed out its reliance on SHA-1 signatures
> > from all of its numerous dark corners is to break them.
> > Make creation and verification fail in default configuration.
> 
> That sounds like a terrible plan. We should make newer hashes
> the default, and we can make tools print a warning if sha1 is used
> where it shouldn't, but please don't break things on purpose.
> 
> For many many things sha1 is just fine. Just like md5 or even
> crc32. Not everything is about cryptographic security.

I would like to make it clear that this is just for *Cryptographic
Signatures*, this is not a plan to block SHA-1 for all uses.

And for Cryptographic Signatures everything is about cryptography and
SHA-1 is not safe anymore.

And to be extra clear this means: Certificates, TLS session setup,
DNSSEC (although a lot of signatures are still SHA-1 based there ...),
VPNs session establishment, PGP, etc...

> Also, users will want to verify old signatures essentially forever.

This is only reasonable for stuff like emails, where you may have a
reasonable expectation that the archived messages have not been
tampered with after the fact. Allowing verification of signatures with
SHA-1 for any "online" communication would be pointless.

> This should be always possible. And finally, the world is huge,
> and other users will provide sha1 signatures no matter what we do,
> and it is better to check those than to completely ignore them.

We need to move the needle at some point. We will be able to set LEGACY
crypto policies to allow SHA-1 verification, but we need to be First
and Secure here as well.

Simo.

> 
> Zbyszek
> 
> (This is a bit like browsers disliking self-signed certs and http://
> — it certainly is OK to make users aware of the issue, but actually
> disallowing those is terribly annoying and will only result in users
> jumping to different tools.)
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc



_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux