Workflows Archive on
 help / color / Atom feed
From: Konstantin Ryabitsev <>
To: Jason Gunthorpe <>
Subject: Re: Patch attestation RFC + proof of concept
Date: Wed, 26 Feb 2020 16:18:05 -0500
Message-ID: <20200226211805.4whl5fnxy5ydhs4u@chatter.i7.local> (raw)
In-Reply-To: <>

On Wed, Feb 26, 2020 at 05:04:42PM -0400, Jason Gunthorpe wrote:
> > - developer does all their work on a remote VM that doesn't have 
> > access to their PGP keys and submits actual attestation when they 
> > get back to their workstation
> Unfortunately this is a challenging work flow for a lot of reasons. :(

Can you describe why? I would expect that this is done fairly routinely 
due to having more compute power on a remote VM to run various tests.

> > - developer configures their smartcard to require a PIN during each 
> > operation and disables the pgp-agent; sending a series of 40 patches 
> > requires a single PIN entry instead of 40
> This is certainly my situation, my PGP key lives in a yubikey token
> configured for physical presence to confirm. :\

I'm in the same boat. :)

> > - developer submits a v1 of the patch that they don't expect to pass on
> >   the first try and doesn't bother submitting attestation; shockingly,
> >   the maintainer accepts it as-is and the developer can attest their 
> >   patches post-fact *without* needing to collect all the acked-by's 
> >   reviewed-by's etc from all others who have already responded to the v1 
> >   submission
> But there won't be tags in this case, so how do we learn the original
> attestation-id to find the detatched signature?

The attestation would be performed before all the follow-up tags are 
applied, so the attestation-id would be the same. After the patch is 
applied to a git repository, we can still use the "i" hash to look it up 
(see more below).

> > For example, a maintainer will almost certainly edit the message 
> > content to add their own Signed-off-by, and may edit the patch for 
> > minor nitpicking. 
> The i/p/m will always change once in git:
>    - The commit message is always changed, at least to add sign off
>    - The email Subject is always changed to strip [PATCH xxx]

This is already done by "git mailinfo" so I would expect that the i: 
hash almost never changes, actually, unless the maintainer actually 
edits the subject. Subject + Author + Email are sufficiently unique to 
be able to locate the attestation data of the exact patch.

> If we know the expected ID then you could do some fuzzy scheme to
> cancel out, or at least check, the differences..
> We have many patches now that have Link: trailer. I think it would be
> useful to run some analysis:
>  - Fetch the original patch email from the Link and compute the
>    detached signature hashes
>  - Attempt to validate this sigature against the git commit
>  - Is there a fuzzy algorithm that brings this rate higher?

So, the goal is not really to perform attestation once the patches made 
it into the git tree. I am specifically trying to address the following 

- Someone poses as a trusted developer and submits a malicious patch
- Someone bribes me to edit a patch on to introduce a 

Currently, maintainers have no mechanism to check against either of 
these cases. Adopting end-to-end patch attestation resolves both 

> > Full i-m-p attestation will fail in this case, but we can then query 
> > the signatures archive for each individual hash to identify which 
> > part of the submission fails validation:
> >
> >
> > This lets us present the maintainer with more useful info, like: "full 
> > attestation failed, but the only changed part is actually the message 
> > and not the patch content, so it's probably still okay to apply."
> How does the message body get changed in transit from the submitter to
> the maintainer?

It shouldn't, because this means that the patch becomes mangled. We do 
perform a single normalization routine, which is converting all '\r\n' 
into '\n'. Any other changes done to bodies mean broken patches.


  reply index

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-26 17:25 Konstantin Ryabitsev
2020-02-26 17:50 ` Kees Cook
2020-02-26 18:47   ` Konstantin Ryabitsev
2020-02-26 20:11 ` Jason Gunthorpe
2020-02-26 20:42   ` Konstantin Ryabitsev
2020-02-26 21:04     ` Jason Gunthorpe
2020-02-26 21:18       ` Konstantin Ryabitsev [this message]
2020-02-27  1:23         ` Jason Gunthorpe
2020-02-27  4:11 ` Jason A. Donenfeld
2020-02-27 10:05   ` Geert Uytterhoeven
2020-02-27 13:30     ` Jason A. Donenfeld
2020-02-27 14:29   ` Konstantin Ryabitsev
2020-02-28  1:57     ` Jason A. Donenfeld
2020-02-28  2:30       ` Jason A. Donenfeld
2020-02-28 18:33         ` Konstantin Ryabitsev
2020-02-28 17:54       ` Konstantin Ryabitsev
2020-03-06 16:53       ` Geert Uytterhoeven

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200226211805.4whl5fnxy5ydhs4u@chatter.i7.local \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Workflows Archive on

Archives are clonable:
	git clone --mirror workflows/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 workflows workflows/ \
	public-inbox-index workflows

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone