Why not simply use the hash value of a crate. After reviewing that crate, the name+version and hash value is added to a whitelist. Such a system could be distributed, many people would reviewing crates independently and one could compute the intersection of whitelists. Or people could link to whitelists they trust, building a web of trust. Furthermore a factor could be stated, indicating how much someone trusts a certain crate or whitelist.
The pros is ultimate security. The cons is complications during development and debugging.
hmm. a blockchain with a block algorithm that only accepts crates.io-signed blocks and refuses to replace packages/versions would solve the MITM problem I think. without being power-hungry and without 51% attacks. altho itās still hackable.
A simpler alternative to a blockchain is a transparency log like Certificate Transparency. Mozilla has done some work on applying this to the problem of binary transparency here:
I found this article unhelpful. While Stufft observes a number of real challenges in the space, at the root thereās a very common philosophy: āif it canāt be perfect, itās not worth it.ā They donāt present a solution, or argue that there isnāt a problem to solve.
Contemporary with this article was the beginning of TUF, which was being developed specifically to address the Python infrastructure - which is a bigger challenge, IMO, than Crates is. Since then, TUF has been adopted as the foundation of Docker Notary. Itās a solid approach that might be able to be applied wholesale.
Oh wow. Now that Iāve studied TUF a little bit, I think itās amazing. Thanks for bringing it up, Iāve learned something really cool ^^
Coming back to the conversation: I think TUF might be a really good option. It assumes there will be compromise of keys, and works to mitigate whatever impact that could have. Thatās really awesome.
If anyone wants to check TUF out, Iād recommend this video, which helped me a lot to really get the system.
What stops someone from MitMing a CT log? CT logs are designed to be cryptographically verifiable (indeed the main use case is verifying X.509 certificates prior to opening TLS connections).
It carries a digital signature (i.e. a Signed Tree Head, or STH). To verify something is included in the log you need an inclusion proof (i.e. fragment of a Merkle tree) which is ultimately rooted in an STH. If there isn't an inclusion proof for a particular binary, it isn't trusted.