Support a "neutral" IdP #444
Comments
|
A nitpick, the issue you probably meant is #371. |
|
Discussing only the Fulcio aspect, I see no reason why we wouldn't be willing to add an IDP into either Dex or directly into Fulcio's IDPs, as long as the IDP abides by the list of requirements discussed in #397. I've already chimed in on my thoughts around another global IDP, namely as long as identities are scoped by domain, we minimize risk. It's also important to recognize the significant effort behind running an identity provider with accounts - Account management, MFA, etc. It's worth considering the tradeoff between managing that service in comparison to key-based signing, which is another option for non-identity based signing. Is there a particular topic you're looking to get more clarity on that's not already been discussed in other issues? |
(Possibly off-topic) I have an off-the-wall idea for an "anonymizing OIDC proxy."Basically, it would be both an OIDC client and provider. The flow:
This gives you consistent, private identifiers (provided the salt is consistent), but it does mean that a leaked salt is a big deal. You could stick it in KMS or something which helps a little. The OIDC service can then be pretty simple doesn't have to keep track of accounts, do 2FA, etc.) and can be stateless.
Agreed; this is also my recommendation for now.
Ha, fair question :) Mostly I'm looking to:
|
How do you write verification policy for such a scheme? This is my main concern with any pseudonym-based identity. As the original signature creator, you can verify your own signatures since you know what was used to construct the hash. As a verifier, you either need:
The next step would be distributing the hash pseudonymous identity publicly so individuals or ecosystems can create a policy. Options could include:
Distributing the pseudonym identities via the ecosystem opens up another can of worms.
I don't think pseudonym identities are the way to go currently for an ecosystem due to the difficulties with creating verification policies. It's fine for a small developer who doesn't need to write policy at scale, but at that point, I'd encourage GitHub or key-based signing.
One other good option is signing originating from GitHub Actions. The certificate is tied to the identity of the GitHub Actions workload, with no user identifiers. I've also begun work on using GitLab as an alternative, since they now support OIDC. This should mitigate some concerns of vendor lock-in. |
I think these issues can all be mitigated. I'll describe the language package manager setting for clarify.
Correct; I don't see this as a dealbreaker.
The idea is that the package repository would support OIDC logins, and you could do your initial login/publication for a package manager as
These pseudonyms would be public (which has its own downsides—metadata can link packages written by the same pseudonymous author), so changes could be detected (possibly using a transparency log or similar). The goal here is consistency: I don't learn that package X was created by developer Y, but I do know that package X was signed by the same developer that signed it yesterday. I still don't think this is necessarily a good idea, just because "package X written by pseudonymous author Y" is a little bit of a sketchy proposition. Though maybe that's good information for downstream users to have.
👍 |
This is an interesting point. This means that package verification becomes trust-on-first-use (TOFU) - A verifier pins an identity, and as long as it doesn't change, it's trusted. I think we should aim to avoid TOFU where possible, because it gives attackers an opportunity for compromise for first-time consumers. This is also tricky because it makes it hard to change the identity of the signer. Let's say a project transfers maintainers, or maybe simply a set of maintainers rotates who signs the package. There may be a legitimate reason for the identity of the signer to change, but a verification policy can't distinguish between that and a compromise.
Yea, it's a far weaker claim than "package X is written by the same author that published the resource", and the artifact's author is auditable outside of the ecosystem. |
|
I think TUF techniques address both of those problems:
If we use TUF to manage the delegation to pseudonyms and distribute the trust root with the download tool, it's not really TOFU. And, as in the usual TUF context, a transparency log can help here. The "consistency" property is over the lifetime of the repo, not the verifier's local state.
I think using TUF to manage delegation to pseudonyms would allow for this; you could imagine "a pseudonym can sign over rights to another identity" or "the targets role may delegate to a new identity." Fundamentally, I see a pseudonym using such a proxy as exactly the same as a login from a standard OIDC provider using a pseudonymous account, inheriting the usual suite of problems and workarounds. This fits nicely with my philosophy of "Fulcio should allow many identity providers, but most consumers should only accept a limited subset of 'golden' IdPs" (but less well with a philosophy like "Fulcio should be quite discriminating about accepting IdPs, so every Fulcio signature has at least some baseline amount of legitimacy"). Caveat emptor, of course. I still think that a true privacy-respecting IdP operated by an organization with a lot of trust would be better, or just having the repository manage pubkeys themselves.
In some sense, I'd argue this is just using GitHub Actions as the anonymizing proxy. |
|
I think where I'm getting stuck on is that initial step of an identity delegating trust to a pseudonym. Without an authentication mechanism (e.g. OIDC), it'll be hard to associate an identity with a pseudonym in such a way that prevents anyone (someone not in control of the identity) from creating that association. I'm just concerned about the complexity of such an approach in comparison to its benefit.
I definitely agree. Given that verification policies aren't well fleshed out though, I'm very hesitant to add any more IDPs that are globally scoped. Adding domain-scoped IDPs are much safer.
The primary difference is the ability to verify the releaser is clearly linked to the release. We could imagine a pipeline where a release is signed by the GitHub identity and is pushed directly to the package repository through Actions. If the package repository is aware of the source repo, a verification policy can be set up to verify the signed release. |
We can use an authentication mechanism: you'd create/log-in to your PyPI1 account using OIDC, but instead of using Google as your IdP, you'd use OIDCProxy.com as your IdP (which would use Google as its IdP). The important thing is that we keep track of the identity (pseudonymous or otherwise) used to initially publish a package, and enforce that it remains the same.
Despite vociferously defending this approach, I totally agree. 😄 I think it would be just a proof-of-concept until a sufficiently compelling use case came along.
Got it. So this would just be GitHub asserting "this build comes from this repo at this SHA," rather than asserting anything about continuity-of-identity for the maintainer, that makes sense. Footnotes |
|
Well, you @-mentioned me, so now you get a reply. 🙂 My two cents: This seems like it's just shifting complexity from artifact providers to whoever would run a neutral IdP, and possibly increasing complexity as a result. Here's the flow I'm imagining if artifact providers are also identity providers:
Compare this with (what I understand to be) the flow for a neutral IdP:
Which raises the following questions for me: I see TUF being proposed to manage the link between artifact -> neutral identity, but what about the reverse? How does the artifact provider know to accept signatures from one neutral identity and reject them from another in the first place, unless this is TOFU? If the project changes hands, does the 'neutral' identity change or stay the same? If it stays the same, how does the 'neutral' IdP correlate the old and new maintainer identities? If it changes, how does a user distinguish between the project changing hands between trusted maintainers and a compromise where someone who shouldn't be able to sign an artifact has become able? In the event that we're signing in a non-interactive environment (e.g. GitHub Actions) how does the 'neutral' IdP correlate a build environment identity with a 'neutral' identity, unless the 'neutral' IdP also maintains and stores the same links between a project and its build environment (that the artifact provider would already be maintaining anyway)? |
Context:
Proposal
One potential resolution to these concerns is a "neutral" OIDC IdP, perhaps run by a nonprofit or some other non-corporate entity, with strong support for user privacy and security. This allows tying artifact signatures to a privacy-friendly identity (perhaps a pseudonym). The OpenSSF package manager security not-quite-working group is very invested in this, as it would substantially ease sigstore adoption in this setting.
Scope
This is a huge issue in that actually fixing it might involve standing up a production-quality service with an on-call rotation, etc. Hopefully that wouldn't all be organized here.
Let's scope this issue to discussing:
I'd prefer to discuss the following elsewhere:
Edit: fixed link to #371 (thanks @jchestershopify!)
The text was updated successfully, but these errors were encountered: