jdswinbank / Comet

A complete VOEvent transport system
http://comet.transientskp.org/
BSD 2-Clause "Simplified" License

Add apparmored GnuPG signatures #61

Open lpsinger opened 5 years ago

lpsinger commented 5 years ago

LSC/Virgo is conducting a security review of its low-latency alert pipeline, and has recommended that we add some message authentication to our GCN notices. Is there any chance of the signature scheme described in your documentation landing in a release any time soon?

jdswinbank commented 5 years ago

Hi @lpsinger — unfortunately, I don't expect to have time to work on this myself in the near future.

That said, I'm very interested to hear that this is important to you: in most discussions to date, event authentication has been treated as something that would be nice to have someday, rather than an immediate priority. If that's changing, I'll certainly take that into account in future development.

BobDenny commented 2 years ago

@lpsinger, @timstaley, and @jdswinbank I have just completed a Python class for applying and validating OpenPGP digital signatures, along with command line tools (Python scripts) for signing and validating. My hope is to help make this happen. I know this is probably too late; I just saw this a few weeks ago.

The OpenPGP signature is totally transparent to brokers (as long as they don't alter messages as they pass through, which they should not eh?). The publisher signs the message, and the receiver validates it. I see that Comet has a filtering system. Interesting. I always thought that the VOEvent infrastructure should carry everything and leave the receivers to decide what is interesting. I suppose Comet could use the presence of a signature as an alternative to publisher whitelisting, and also sign its own test messages.

@jdswinbank @timstaley It looks like the comet-sendvo script could be enhanced to send signed messages with a few lines of code (options for key ID and passphrase, pass event through the Sign(xml, keyid, passph) function, then call task.react() etc. with the signed event).

In any "event" @lpsinger it is of course a "chicken and egg" problem. If you produced signed messages it would have no effect except for those people who are interested in identity and integrity from GCN. Comet would simply pass them through to your recipients who would only see some "interesting" XML comments so no effect on current receivers. If you're interested I can make my GitHub repo public. It has RTD-flavor HTML docs and signer/checker tools.
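
The point made in the comment above, that a signature carried in an XML comment is invisible to existing receivers but only survives if brokers relay the bytes untouched, shown as an added example (not code from this thread, from Comet, or from the Python class mentioned). HMAC-SHA256 stands in for the OpenPGP signature so the block runs with only the standard library; the comment marker, key and sample event are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"        # stand-in for the publisher's signing key
MARK = b"\n<!-- demo-signature: "    # hypothetical comment marker, not a standard
END = b" -->\n"

# Constructed sample event (not a real GCN notice).
EVENT = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
         b'<voe:VOEvent xmlns:voe="http://www.ivoa.net/xml/VOEvent/v2.0" '
         b'ivorn="ivo://example.invalid/demo#1" role="test" version="2.0">'
         b"<Who><AuthorIVORN>ivo://example.invalid/demo</AuthorIVORN></Who>"
         b"</voe:VOEvent>")

def sign(event: bytes, key: bytes = KEY) -> bytes:
    """Append a signature over the exact event bytes as a trailing XML comment."""
    tag = base64.b64encode(hmac.new(key, event, hashlib.sha256).digest())
    return event + MARK + tag + END

def verify(message: bytes, key: bytes = KEY) -> bool:
    """Split off the trailing comment and check it against the preceding bytes."""
    body, sep, tail = message.rpartition(MARK)
    if not sep or not tail.endswith(END):
        return False                 # unsigned, or the comment was stripped/mangled
    try:
        tag = base64.b64decode(tail[:-len(END)], validate=True)
    except ValueError:
        return False
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def reserialize(message: bytes) -> bytes:
    """What an XML-aware intermediary might do: parse, then write the tree back out."""
    return ET.tostring(ET.fromstring(message), encoding="utf-8", xml_declaration=True)

if __name__ == "__main__":
    signed = sign(EVENT)
    print("relayed byte-for-byte:", verify(signed))
    print("receiver still parses role:", ET.fromstring(signed).get("role"))
    print("after parse/re-serialize:", verify(reserialize(signed)))
```

The re-serialized copy is still equivalent XML for a receiver that ignores signatures, but the comment and the original byte layout are gone, so a validating receiver has to treat it as unsigned.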

jdswinbank commented 2 years ago

Hey @BobDenny — good to hear from you!

To be honest, further work on Comet isn't near the top of my list at the moment; just too many competing priorities. Further, I'm guessing that @lpsinger and GCN have done something else. However, if you have code to share or perhaps even a PR which would be relevant, I'd be more than happy to take a look (although I can't promise a fast turnaround I'm afraid).