On Mon, Jan 17, 2022 at 03:34:54PM +0100, Jason A. Donenfeld wrote:
> If you're looking for a simple signature mechanism to replace the use of
> X.509 and all of that infrastructure, may I suggest just coming up with
> something simple using ed25519, similar to signify or minisign? Very
> minimal code in the kernel, in userspace, and very few moving parts to
> break.

I am concerned that ed25519 private key management is very rudimentary -- more often than not it is just kept somewhere on disk, often without any passphrase encryption. With all its legacy warts, GnuPG at least has decent support for hardware off-load via OpenPGP smartcards or TPM integration in GnuPG 2.3, but the best we have with ed25519 is passphrase protection as implemented in minisign (and even that is rudimentary -- if you need to sign 10 things, you will need to type in your passphrase 10 times, as there is no passphrase agent of any kind).

The most promising non-PGP development of PKI signatures that I've seen lately is the openssh FIDO2 integration (the -sk keys) and support for signing/verifying arbitrary external content using `ssh-keygen -n`. It even does fairly sane things with identity/revocation/expiration via its allowed_signers implementation, even if I'm less excited about it all being in a single file.

Everything else is just treating key management as something out of scope, and I'm worried that it's going to result in a net loss in overall security.

-K
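The OpenSSH signing flow discussed in the message above, as an added shell example that is not part of the original e-mail: it signs a file with `ssh-keygen -Y sign`, then checks identity, namespace, content and revocation with `ssh-keygen -Y verify` against an allowed_signers file. The identities, file names and the throwaway software key (standing in for an -sk key) are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, identity and file below is made up.
# A throwaway software key stands in for a FIDO2 key; with a token
# attached, generate the key with `-t ed25519-sk` instead.

setup_demo() {
    DEMO=$(mktemp -d) || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo -f "$DEMO/key" || return 1
    printf 'release payload\n' > "$DEMO/artifact"
    printf 'edited payload\n'  > "$DEMO/tampered"
    # allowed_signers line: principal, options, key type, base64 key.
    # The options field also accepts valid-after= and valid-before=.
    printf 'dev@example.org namespaces="file" %s\n' \
        "$(cut -d' ' -f1,2 "$DEMO/key.pub")" > "$DEMO/allowed_signers"
    # Revocation list: one public key per line (a KRL also works).
    cp "$DEMO/key.pub" "$DEMO/revoked"
    # Sign in namespace "file"; writes $DEMO/artifact.sig.
    ssh-keygen -q -Y sign -f "$DEMO/key" -n file "$DEMO/artifact"
}

# verdict IDENTITY NAMESPACE FILE [extra ssh-keygen options]
# Prints "accept" only if the signature over FILE verifies for IDENTITY
# in NAMESPACE according to allowed_signers.
verdict() {
    id=$1; ns=$2; file=$3; shift 3
    if ssh-keygen -Y verify -f "$DEMO/allowed_signers" -I "$id" -n "$ns" \
        -s "$DEMO/artifact.sig" "$@" < "$file" >/dev/null 2>&1
    then echo accept; else echo reject; fi
}

demo() {
    setup_demo || { echo 'setup failed (is ssh-keygen installed?)' >&2; return 1; }
    echo "listed signer:     $(verdict dev@example.org file "$DEMO/artifact")"
    echo "unlisted identity: $(verdict eve@example.org file "$DEMO/artifact")"
    echo "wrong namespace:   $(verdict dev@example.org git "$DEMO/artifact")"
    echo "modified content:  $(verdict dev@example.org file "$DEMO/tampered")"
    echo "revoked key:       $(verdict dev@example.org file "$DEMO/artifact" -r "$DEMO/revoked")"
    rm -rf "$DEMO"
}

demo
```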