-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bring your own PKI #916
Comments
I won't comment on the Non-fulcio CA idea since I'm not really sure what that would mean -- following is likely only relevant to private deployments. I think our expectation has been that in future we could only support the trusted root format that root-signing publishes: this trusted root could come from a source other than root-signing TUF repo but preferably it would be the only supported way to configure any of the trust components. CLII believe the long term plan for the CLI specifically is to remove "individual trust component" flags as much as possible: It's really a pain to make the hundreds of combinations bug free, safe and understandable... Instead we'd like to just get a single "complete trust root" as argument. This could mean:
So for any non-standard trust components you'd have to build your own APIIn the API there may be more space to support other approaches as well:
|
Yep, this. Long term, there should be a single So yeah, in that case the BYO PKI scenario would only need to provide a Re: API: right now we have |
For supporting a private Sigstore deployment, I agree that long-term, providing a trusted root file seems like a good solution. Short term, can we make the TUF repository configurable with As for the non-Fulcio case, let's split out signing and verification. For cryptographic verification, it's mostly straightforward - You provide a Sigstore bundle (or maybe detached verification materials, but my preference would be requiring the bundle) and a key or certificate+chain, providing via the Signing is a bit trickier, because there's a lot of variation for what constitutes a signer. Should clients add support for raw keys? KMS? A key from a certificate that's verified during signing? All of these examples are supported by Cosign, although not with a clean API. I see a few options for the signing path:
The first would be nice, but might require changes to the python API to have a generic signer representation. |
That sounds good to me!
This make sense to me, up to and including cryptographic verification. Policy verification does seem hard, however 🙂 -- we currently have a pretty bare-bones boolean/FOL extension policy API in
I think this should be relatively easy to add to the pre-existing API -- we can do any sign/verify operations that pyca/cryptography supports, so we could add/amend an API to allow a |
This should be fairly easy. The only reasons I haven't done that yet are
|
That'd be nice and work for our use case. @major-security wdut?
What's a "verification policy"? As a first step, we can leave it up to the API caller to read the bundle and verify the chain+cert, before they themselves call the verification API. That does not preclude adding more advanced options later in sigstore-python, but reduces the commitment to take upfront for you. I think that would unblock us for model-transparency repo. @major-security please keep me honest
I'm not familiar with the format and scope. Is this file intended to support only keyless verification?
Agreed. Providing an API that enables folks to customize their signer is a first good step imo. If all they have to do is create an instance of a well-defined interface, it's already an enabler for adoption. |
Verification policy is what values are expected in a certificate. For a Fulcio certificate, we mandate checking the subject alternative name and a custom OID for the OIDC issuer. For BYO PKI, we don't know what extensions or OIDs are required, so it's easiest to leave policy checks up to the caller. For Cosign, we took the stance that a certificate should require an identity, since we wanted to always require identity flags. We recommended for BYO PKI use cases to extract the public key with something like https://smallstep.com/docs/step-cli/reference/certificate/key/ and handle verification of the certificate chain out of band. This may be something we revise in the future if we namespace BYO PKI signing and verification (like
|
Thanks everyone. Let me try to summarize for the case of non-Fulcio PKI - since it's the most complicated one. A solution would work as follows:
Does this look correct? |
friendly ping. Would love your feedback on my last comment. |
It should still be possible (or even strongly suggested) to verify a signing event was recorded in Rekor with only a public key. This was one of the motivations when I filed sigstore/protobuf-specs#236 to include public keys in the trust root file. |
@jku @woodruffw any comments or preference? |
I'm personally 👎 on having My strong preference here would be:
Under this, we'd support both BYO PKI and BYO key without making context-specific compromises on what "verification" means in sigstore-python (which we've been trying to ratchet down to "always includes Rekor verification"). |
LGTM. The only requirements (from verifier.py) is that the cert is a code signing cert. So existing PKIs should work seamlessly. For private deployments (a company's internal PKI):
LGTM. For private deployments, callers will have the ability to disable rekor / tlog, correct? |
This seems like a reasonable feature. There will be private deployments that don't need transparency, eg the artifacts are signed in the same trust boundary as artifact consumption. This seems reasonable to disable for both Fulcio's CT log and Rekor. For a data point, in sigstore-go, we have a verification options interface like https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_verification.proto#L49 for users to specify expected thresholds. |
Triaging: I think this will be covered under #1010: with that, |
Context: Overall we would like to offer a unified CLI / API (as part of https://github.com/google/model-transparency) to sign and verify AI artifacts.
We've received interest to support custom PKIs. IIUC, these come in two flavors:
--fulcio-root-pubkey
(--fulcio-url
is already supported) for signing, and--fulcio-root-pubkey
for verification.for (2): Given that sigstore-python already contains all the logic for verification, I think we could augment it with a new API that takes in an interface / object to let callers customize the certificate management / chain verification / etc. That would require defining the right interface to abstract the functionality we want. Fulcio / Sigstore would be the default certificate manager. Is this a reasonable approach? Wdut?
@haydentherapper @major-security
The text was updated successfully, but these errors were encountered: