theartisan changed the topic of #rubygems-trust to: Current Status: drafting requirements. please leave comments on http://goo.gl/ybFIO :: Logs at http://irclog.whitequark.org/rubygems-trust
Leeky has quit [Ping timeout: 256 seconds]
Mopman has quit [Ping timeout: 255 seconds]
Mopman has joined #rubygems-trust
Leeky has joined #rubygems-trust
qmx|away is now known as qmx
<tarcieri> lol
<tarcieri> everyone's got opinions
workmad3 has quit [Ping timeout: 252 seconds]
qmx is now known as qmx|away
kseifried has quit [Quit: Leaving]
kseifried has joined #rubygems-trust
kseifried has quit [Changing host]
kseifried has joined #rubygems-trust
havenwood has joined #rubygems-trust
<theartisan> "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." -- Douglas Adams
<kseifried> towel life 4eva!
* theartisan carries a towel with him just incase of random space adventures.
havenwood has quit [Remote host closed the connection]
havenwood has joined #rubygems-trust
havenwood has quit [Ping timeout: 264 seconds]
<yorickpeterse> morning crypto weeaboos
geal has joined #rubygems-trust
geal has quit [Ping timeout: 256 seconds]
geal has joined #rubygems-trust
geal has quit [Ping timeout: 276 seconds]
geal has joined #rubygems-trust
billdingo-afk is now known as billdingo
billdingo is now known as billdingo-afk
billdingo-afk is now known as billdingo
qmx|away is now known as qmx
geal has quit [Ping timeout: 256 seconds]
geal has joined #rubygems-trust
workmad3 has joined #rubygems-trust
bradland has quit [Read error: Connection reset by peer]
bradland has joined #rubygems-trust
workmad3 has quit [Ping timeout: 256 seconds]
havenwood has joined #rubygems-trust
geal has quit [Ping timeout: 252 seconds]
geal has joined #rubygems-trust
qmx is now known as qmx|lunch
autumn has joined #rubygems-trust
qmx|lunch is now known as qmx
geal has quit [Ping timeout: 252 seconds]
billdingo is now known as billdingo-afk
pencil has quit [Quit: ZNC - http://znc.in]
<raggi> any of the TUF guys still here?
pencil has joined #rubygems-trust
<dstufft> don't see any names I recognize
<dstufft> I saw they posted on rubygems mailing list tho
havenwood has quit [Remote host closed the connection]
havenwood has joined #rubygems-trust
havenwood has quit [Ping timeout: 260 seconds]
workmad3 has joined #rubygems-trust
geal has joined #rubygems-trust
bradland_ has joined #rubygems-trust
bradland has quit [Read error: Connection reset by peer]
bradland_ is now known as bradland
geal has quit [Ping timeout: 256 seconds]
qmx is now known as qmx|away
<raggi> tarcieri: so, TUF can have multiple root keys, and then do quorum
<tarcieri> raggi: cool
<raggi> tarcieri: so we don't necessarily even need to store it in a split vault, we can just issue a list of root keys to key stakeholders, and use that instead
<raggi> it's more crap to distribute in the client, but much safer overall
<tarcieri> raggi: what I was describing was for the actual root key, which would be used to manage that "list"
<raggi> oh, there isn't one
<raggi> because the roles are split
<raggi> or at least ,there doesn't have to be
<raggi> and in fact, we could make one, countersign the group of root keys
<raggi> and then destroy it completely
<raggi> without really compromising anything
workmad3 has quit [Ping timeout: 252 seconds]
<tarcieri> raggi: no danger in keeping it around, especially in split key form
<tarcieri> raggi: basically that's a key that never comes out except for Extreme Circumstances
<tarcieri> heh
<raggi> i guess so
<raggi> like quorum all being at a conference together
geal has joined #rubygems-trust
<raggi> getting held at gunpoint and their root keys forced otu of them
<raggi> which still relies on them carrying those
<raggi> which would be... unwise
<tarcieri> yeah heh
<raggi> so, do we think that many people / projects would be willing to use dual author signing?
workmad3 has joined #rubygems-trust
<geal> raggi: sorry to interrupt, but dual author signing? What is it? How is it implemented?
<raggi> geal: so a system like tuf has the ability to have many signatures at different roles/levels
<geal> oh, nice
<geal> and useful too
<raggi> geal: and it would essneitally possible for a project to say "all releases for this must have at least 2 of 5 signatures from the following keys in order to be valid"
<raggi> even before the distribution platform would accept an upload
<raggi> but i don't know if people would really use that
<geal> there is a key distribution problem, but if deployed correctly, that makes a very resilient system
<raggi> no need to distribute, they'd be authorized by higher level metadata
<geal> ok
<dstufft> raggi: RubyGems still thinking of using TUF then?
<raggi> dstufft: i'm still looking into it
<raggi> it's the most complete thing to go past so far
havenwood has joined #rubygems-trust
geal has quit [Ping timeout: 256 seconds]
<raggi> dstufft: ssl and irrevocable signing essentially change nothing about the incident response practices from where they are today, by contrast, most incident response in a tuf design is largely automated, and that's acutally a real improvement
<raggi> i'm also quite interested in the idea of publisher selectable levels of end to end trust (the signature threshold for releases)
<raggi> the system is larger, and will require a lot more to write, but, it's also a significant step forward from most other deployed solutions today