
Attestation transparency logs #13

Open
kpcyrd opened this issue Apr 28, 2020 · 8 comments
Labels
enhancement New feature or request

Comments

@kpcyrd
Owner

kpcyrd commented Apr 28, 2020

In extension to #12 there should be a tamper resistant log, similar to certificate transparency.

@tarcieri

I had a (rather "ambitious") idea of how this could be done using BFT consensus around quorum builds:

https://github.com/iqlusioninc/synchronicity/blob/develop/README.md#about

A simpler approach would be to log to something like Google Trillian.

@SantiagoTorres
Sponsor Contributor

I'd love to explore the possibility of using BFT. I think the question regarding trillian would be to create a profile, which is something we've explored doing in the in-toto team...

@tarcieri

tarcieri commented Apr 28, 2020

> I think the question regarding trillian would be to create a profile

Trillian "Personality", but yes

https://github.com/google/trillian/blob/master/docs/Personalities.md

The Golang "SumDB" uses one for this purpose, I believe:

https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md

@Foxboron

I personally have some motivation to look into the sumdb code from golang. It's frankly simpler than the trillian monstrosity using grpc and god knows what.

@tarcieri

@Foxboron sumdb uses Trillian:

https://blog.golang.org/module-mirror-launch

> The checksum database is served by sum.golang.org, and is built on a Transparent Log (or “Merkle tree”) of hashes backed by Trillian. The main advantage of a Merkle tree is that it is tamper proof and has properties that don’t allow for misbehavior to go undetected, which makes it more trustworthy than a simple database. The go command uses this tree to check “inclusion” proofs (that a specific record exists in the log) and “consistency” proofs (that the tree hasn’t been tampered with) before adding new go.sum lines to your module’s go.sum file. Below is an example of such a tree.
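The two checks the quoted launch post mentions, inclusion proofs and consistency proofs, are what make an append-only log usable as a tamper-evident attestation log. The following is an added example, not code from this thread, from sumdb or from Trillian: a minimal RFC 6962-style Merkle tree in Python with proof generation on the log side and verification on the client side. The entry contents are constructed stand-ins for attestation records, and all function names are my own.

```python
"""Minimal RFC 6962-style Merkle tree with inclusion and consistency proofs."""
import hashlib


def leaf_hash(data: bytes) -> bytes:
    # Distinct prefixes for leaves (0x00) and interior nodes (0x01) stop a
    # leaf from being passed off as a subtree root, or the other way round.
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def root_hash(leaves):
    """MTH(D[n]) over a non-empty list of entries."""
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = split(len(leaves))
    return node_hash(root_hash(leaves[:k]), root_hash(leaves[k:]))


def inclusion_proof(m, leaves):
    """Audit path PATH(m, D[n]): sibling hashes from the leaf up to the root."""
    if len(leaves) <= 1:
        return []
    k = split(len(leaves))
    if m < k:
        return inclusion_proof(m, leaves[:k]) + [root_hash(leaves[k:])]
    return inclusion_proof(m - k, leaves[k:]) + [root_hash(leaves[:k])]


def verify_inclusion(entry, m, n, proof, root):
    """True iff `entry` sits at index m of the size-n tree with this root."""
    def walk(h, m, n, proof):
        if n == 1:
            return h if (m == 0 and not proof) else None
        if m >= n or not proof:
            return None
        k, sib, rest = split(n), proof[-1], proof[:-1]
        if m < k:
            sub = walk(h, m, k, rest)
            return None if sub is None else node_hash(sub, sib)
        sub = walk(h, m - k, n - k, rest)
        return None if sub is None else node_hash(sib, sub)
    return walk(leaf_hash(entry), m, n, list(proof)) == root


def consistency_proof(m, leaves):
    """PROOF(m, D[n]) for 0 < m <= n: the first m entries form the old tree."""
    def sub(m, leaves, complete):
        if m == len(leaves):
            return [] if complete else [root_hash(leaves)]
        k = split(len(leaves))
        if m <= k:
            return sub(m, leaves[:k], complete) + [root_hash(leaves[k:])]
        return sub(m - k, leaves[k:], False) + [root_hash(leaves[:k])]
    return sub(m, leaves, True)


def verify_consistency(m, n, old_root, new_root, proof):
    """True iff the size-m tree (old_root) is a prefix of the size-n tree (new_root)."""
    def sub(m, n, proof, complete):
        # Returns (old subtree root, new subtree root), or None if the proof is malformed.
        if m == n:
            if complete:
                return (old_root, old_root) if not proof else None
            return (proof[0], proof[0]) if len(proof) == 1 else None
        if not proof:
            return None
        k, last, rest = split(n), proof[-1], proof[:-1]
        if m <= k:
            r = sub(m, k, rest, complete)
            return None if r is None else (r[0], node_hash(r[1], last))
        r = sub(m - k, n - k, rest, False)
        return None if r is None else (node_hash(last, r[0]), node_hash(last, r[1]))
    if m <= 0 or m > n:
        return False
    if m == n:
        return not proof and old_root == new_root
    return sub(m, n, list(proof), True) == (old_root, new_root)


if __name__ == "__main__":
    # Constructed sample entries standing in for attestation records.
    entries = [b"attestation-1", b"attestation-2", b"attestation-3"]
    old_root = root_hash(entries)            # what a client saw yesterday
    entries += [b"attestation-4", b"attestation-5"]
    new_root = root_hash(entries)            # what the log serves today
    print("inclusion:", verify_inclusion(entries[2], 2, 5, inclusion_proof(2, entries), new_root))
    print("consistency:", verify_consistency(3, 5, old_root, new_root, consistency_proof(3, entries)))
    # A log that quietly rewrote an entry after the client recorded old_root
    # cannot produce a consistency proof that checks out.
    forked = entries[:1] + [b"attestation-2-rewritten"] + entries[2:]
    print("forked log consistent:", verify_consistency(3, 5, old_root, root_hash(forked), consistency_proof(3, forked)))
```

A client only needs to remember the last (size, root) pair it accepted; each later response is checked with a consistency proof against that pair before the new root is trusted, and every record it acts on is checked with an inclusion proof against the trusted root. Comparing roots between independent clients (gossip) is what turns "tamper evident for me" into "the log cannot show different histories to different people".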

@Foxboron

Wait, what. Now I'm confused by what the mod/sumdb is supposed to contain. There are no traces of trillian anywhere in their github org. Is the backend proprietary?

@tarcieri

tarcieri commented Apr 28, 2020

It contains a client for verifying go.sum attestations as served from https://sum.golang.org. See the API here:

https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md#checksum-database

The verifiable log behind https://sum.golang.org is managed by Trillian. I'm not sure if the personality they're using is open source or not (I can't find it quickly, but have pinged the relevant people)

@Foxboron

Foxboron commented Apr 28, 2020

Right, so I checked the gopher slack and it is indeed proprietary. It's apparently "not a lot of code" on top of trillian, but the storage code is heavily tied to what I assume is GCP and the storage there.

That is a bit unfortunate I think.

@kpcyrd kpcyrd added the enhancement New feature or request label Dec 27, 2020
4 participants