Add Qubes Master Signing Key to dom0 #2544
Comments
andrewdavidwong added the "C: other" and "task" labels on Dec 28, 2016
andrewdavidwong added this to the Release 4.0 milestone on Dec 28, 2016
rustybird commented Dec 28, 2016

I recall someone suggesting this a long time ago, and I (think I) also recall @marmarek doing it, but I can't find the original thread or issue, and I don't see the key in /etc/pki/rpm-gpg/.

qubes-core-vm provides /usr/share/qubes/qubes-master-key.asc in VMs, but providing it in dom0 too would help people who have their DVD writer attached to the same controller as their hard disk. They could burn a verified Qubes (and only Qubes) ISO in dom0 without breaking the security model.
tasket commented Oct 24, 2017

This would be really nice to have in R3.2 about now. It makes the key verification a bit more secure, and helps users by removing several steps from the process. Even better if the R4.0 signing key is also included.

I think it makes sense to include the signing key for the next iteration in the current OS.
andrewdavidwong commented Dec 28, 2016
As John David R. Smith suggested, the Qubes Master Signing Key should be included in dom0, to mitigate the risk of an MITM attack replacing the key. This would also provide users with an additional means of confirming that their copy of the key is genuine. (As a corollary, it's yet another place that an attacker would have to attempt to replace the key with a forgery in order to deceive users.)
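The issue proposes a locally shipped copy of the master key as an independent reference point, and rustybird's comment names the path that copy already has in VMs. The following is an added example, not code from the issue or from Qubes, of what such a check looks like: it parses an ASCII-armored key file (the /usr/share/qubes/qubes-master-key.asc path is the one named above; any other path is an assumption) and computes the OpenPGP v4 fingerprint itself with the standard library, so the comparison against a fingerprint copied from a second channel does not depend on gpg's keyring or trust database.

```python
# Added example: compare a shipped OpenPGP key file against a fingerprint obtained elsewhere.
# Assumes an armored public key such as /usr/share/qubes/qubes-master-key.asc (path from the thread).
import base64
import hashlib
import re

def dearmor(text: str) -> bytes:
    """Return the raw packet bytes of an armored public key block (armor headers and CRC dropped)."""
    m = re.search(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\n(.*?)-----END", text, re.S)
    if not m:
        raise ValueError("not an armored public key block")
    b64 = [l for l in m.group(1).splitlines() if l and ":" not in l and not l.startswith("=")]
    return base64.b64decode("".join(b64))

def first_packet(data: bytes):
    """Parse the first OpenPGP packet header (old or new format, RFC 4880 s4.2) and return (tag, body)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("invalid packet header")
    if hdr & 0x40:  # new-format header: tag in low six bits, 1/2/5-octet length
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths not supported")
    else:  # old-format header: tag in bits 2-5, length type in the low two bits
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        length, off = int.from_bytes(data[1:1 + (1 << ltype)], "big"), 1 + (1 << ltype)
    return tag, data[off:off + length]

def v4_fingerprint(key_body: bytes) -> str:
    """SHA-1 over 0x99 || two-octet body length || public key packet body (RFC 4880 s12.2)."""
    if key_body[0] != 4:
        raise ValueError("only v4 keys are supported")
    digest = hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body)
    return digest.hexdigest().upper()

def key_matches(armored: str, expected_fpr: str) -> bool:
    """True if the primary key in `armored` has the fingerprint copied from the other channel."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6:
        raise ValueError("first packet is not a public key packet")
    return v4_fingerprint(body) == re.sub(r"[\s:]", "", expected_fpr).upper()
```

Run `key_matches(open(path).read(), fingerprint_from_other_source)` for the shipped file; a mismatch means one of the two copies is not the key you think it is.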