61 points harporoeder | 3 comments
upofadown No.41874613
> Of those 1069 unique keys, about 30% of them were not discoverable on major public keyservers, making it difficult or impossible to meaningfully verify those signatures. Of the remaining 71%, nearly half of them were unable to be meaningfully verified at the time of the audit (2023-05-19).

A PGP keyserver provides no identity verification. It is simply a place to store keys. So I don't understand this statement. What is the ultimate goal here? I thought that things like this mostly provided a consistent identity for contributing entities with no requirement to know who the people behind the identities actually were in real life.

1. woodruffw No.41874649
You're thinking one step past the failure state here: the problem isn't that keyservers don't provide identity verification, but that the PGP key distribution ecosystem isn't effectively delivering keys anymore.

There are probably multiple reasons for this, but the two biggest ones are likely (1) that nobody knows how to upload keys to keyservers anymore, and (2) that keyservers don't gossip/share keys anymore, following the SKS network's implosion[1].

Or put another way: a necessary precondition of signature verification is key retrieval, whether or not trust in a given key identity (or claimant human identity) is established. One of PGP's historic strengths was that kind of key retrieval, and the data strongly suggests that that's no longer the case.

[1]: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d695...

2. upofadown No.41875432
The SKS keyserver thing was 5 years ago. It seems to be working. Was uploading a key somewhere a requirement for submitting to PyPi? Why were the keys not available from PyPi?

It just seems to me that there wasn't anything here in the first place. Something something PGP keys. Perhaps they were hoping for someone to come along and make a working system and no one ever did.

3. woodruffw No.41875532
Could you clarify: which part seems to be working? The SKS servers certainly aren't, and the keyservers that are currently online don't appear to gossip or share keys with each other. That's why the post's dataset comes from querying the biggest/most popular ones manually.

> Was uploading a key somewhere a requirement for submitting to PyPi?

Where would "somewhere" be? If it was PyPI itself (or a server controlled by PyPI), replacing the key material would be trivial and would largely defeat the purpose of having signatures instead of just hashes.

In the past, "somewhere" could have been a gossiping SKS server. But that would tie PyPI's reliability and availability to that of the SKS network, which was never great even at its prime.

> Why were the keys not available from PyPi?

For the reason mentioned above: if PyPI is trusted to distribute the key material, then an attacker can simply replace the keys used to sign for the package. This makes it no better than having PyPI distribute hashes (which it already does), but a lot more complicated.

To my understanding, the reason PyPI originally accepted PGP keys is because someone asked for it and baseline expectations around security were more laissez-faire at the time: there was no baseline expectation that millions of people might be using `pip` (or `easy_install` at the time), and that all of them deserve the same integrity and authenticity properties as a small core of expert users. Those expectations have shifted over time towards the belief that ordinary users should also have signatures accessible to them, and I'm inclined to believe that's a good thing.
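
The point made in the thread about key distribution (a signature checked against a key fetched from the same index as the package adds nothing over an index-served hash) can be shown in a few lines. This is an added example, not part of the thread or of PyPI's code; it swaps PGP for a hash-based Lamport one-time signature so it runs on the standard library alone, and the `index` dictionary, `fetch_and_verify` and all byte strings are constructed for illustration.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; public key is their hashes.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk):
    return H(b"".join(h for pair in pk for h in pair)).hex()

def fetch_and_verify(index, name, pinned_fp=None):
    # Hypothetical client: artifact, signature and key all come from `index`.
    entry = index[name]
    if pinned_fp is not None and fingerprint(entry["key"]) != pinned_fp:
        return "key mismatch"
    ok = verify(entry["key"], entry["artifact"], entry["sig"])
    return "ok" if ok else "bad signature"

def demo():
    # Maintainer publishes a signed release (constructed sample bytes).
    sk, pk = keygen()
    artifact = b"constructed sdist bytes v1.0"
    index = {"pkg": {"artifact": artifact, "sig": sign(sk, artifact), "key": pk}}
    pinned = fingerprint(pk)  # assumed to reach the user out of band

    # Whoever controls the index replaces artifact, signature AND key together.
    sk2, pk2 = keygen()
    tampered = b"constructed tampered bytes"
    index["pkg"] = {"artifact": tampered, "sig": sign(sk2, tampered), "key": pk2}

    # Same-channel key: the signature still "verifies". Pinned key: rejected.
    return fetch_and_verify(index, "pkg"), fetch_and_verify(index, "pkg", pinned)
```

Only the check against a fingerprint obtained outside the index detects the swap, which is why key retrieval through an independent channel is the precondition discussed above.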