Looking for help testing patch attestation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello, all:

I'm reaching out to you because you're a security-oriented mailing list 
and would likely be among the folks most interested in end-to-end 
cryptographic patch attestation features -- or, at least, you're likely 
to be least indifferent about it. :)

In brief:

- the mechanism I propose uses an external mailing list for attestation 
  data, so list subscribers will see no changes to the mailing list 
  traffic at all (no proliferation of pgp signatures, extra junky 
  messages, etc)
- attestation can be submitted after the fact for patches/series that 
  were already sent to the list, so a maintainer can ask for attestation 
  to be provided post-fact before they apply the series to their git 
  tree
- a single attestation document is generated per series (or, in fact, 
  any collection of patches)

For technical details of the proposed scheme, please see the following 
LWN article:
https://lwn.net/Articles/813646/

The proposal is still experimental and requires more real-life testing 
before I feel comfortable inviting wider participation. This is why I am 
approaching individual lists that are likely to show interest in this 
idea.

If you are interested in participating, all you need to do is to install 
the "b4" tool and start submitting and checking patch attestation.  
Please see the following post for details:

https://people.kernel.org/monsieuricon/introducing-b4-and-patch-attestation

With any feedback, please email the tools@xxxxxxxxxxxxxxxx list in order 
to minimize off-topic conversations on this list.

Thanks in advance,
-- 
Konstantin Ryabitsev
The Linux Foundation



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux