Re: [RFC] tag-ref and tag object binding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 27, 2016 at 09:09:31PM +0100, Michael J Gruber wrote:

> "subkey" and "uid" are different things. You bind a subkey to your
> primary key with that self-signature. subkeys don't carry any other
> signatures.
> 
> A primary key "carries" the uids, and whenever someone "signs your key"
> they in fact sign a specific uid - usually all, resulting in multiple
> signatures, one for each uid of the (primary) key.
> 
> A key is usually considered trusted if it carries "a" signature from a
> trusted key.
> 
> So, assuming my key carries a signature from a trusted key to at least
> one uid, it would be trusted no matter what (fake) uids I add to it later.

Right. I think I didn't do a good job of explaining myself earlier, so
let me try to rephrase.

When we look at the v2.7 tag, GPG sees that we are signed by Junio's
subkey, 96AFE6CB. It then knows that belongs to the main public key
713660A7, because the main key signed the subkey. And then it sees that
there are several uids for that main key, each with their own signatures
by other people.

So of the three uids that I have for that key:

  pub   4096R/713660A7 2011-10-01
  uid                  Junio C Hamano <gitster@xxxxxxxxx>
  uid                  Junio C Hamano <jch@xxxxxxxxxx>
  uid                  Junio C Hamano <junio@xxxxxxxxx>

it reports back to git only one (the pobox.com), which we relay to the
user via --raw. If we wanted to check that the key matches the "tagger"
header, that works. But why did gpg return that first uid, and not any
of the others? We would ideally see all of them, and consider it OK if
it matches any uid (assuming that uid is sufficiently signed for gpg to
consider it valid).

Weirder, if you _don't_ use "--raw", the human-readable output gives us
all of the uids as "aka" lines:

  $ git verify-tag v2.7.0
  $ git verify-tag v2.7.0
  gpg: Signature made Mon 04 Jan 2016 05:08:12 PM EST using RSA key ID 96AFE6CB
  gpg: Good signature from "Junio C Hamano <gitster@xxxxxxxxx>"
  gpg:                 aka "Junio C Hamano <jch@xxxxxxxxxx>"
  gpg:                 aka "Junio C Hamano <junio@xxxxxxxxx>"

  $ git verify-tag --raw v2.7.0
  [GNUPG:] SIG_ID xFANmHj+QJ1gwIcoRuT5BF/y8H4 2016-01-04 1451945292
  [GNUPG:] GOODSIG B0B5E88696AFE6CB Junio C Hamano <gitster@xxxxxxxxx>
  [GNUPG:] VALIDSIG E1F036B1FEE7221FC778ECEFB0B5E88696AFE6CB 2016-01-04 1451945292 0 4 0 1 2 00 96E07AF25771955980DAD10020D04E5A713660A7
  [GNUPG:] TRUST_FULLY

It seems like we should be able to get the raw-output to tell us all of
those uids. I guess it is not the end of the world to go back to gpg and
say "give me all of the valid uids that match this signing key", but it
seems silly to have to do so.

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]