Open hayden-cardwell opened 3 months ago
> Obviously this doesn’t protect against a nation state level attack

Why wouldn't it? Snowden used GnuPG and he is still alive.
Can't tell if trolling, but if not, I was referring to a VERY hypothetical situation where a nation-state level actor could target S2, compromise the private key, and then publish a modified GhostNet document signed with the private key they stole, nothing more.
Signing the documents would essentially move the attack surface from S2's GitHub account to S2's personal device. This would also allow S2 to move the document to another site easily (as users could verify using S2's public key they already have saved).
Not trolling. There exist provisions in GnuPG for revoking a key; but given the content of this repo I'm not really sure it's necessary. Plus, S2 could always publish a video if a major change happens. Most radio operators are more than capable of critical thought and judging frequency changes for themselves.
My bad there, I forgot about the key revocation functionality (and key servers in general, to be honest), so you're absolutely right, that would be an option.
That being said, I'm in agreement that going to that extent is probably unnecessary for the contents of this repo. There's probably some room for a wider discussion about cybersecurity/identity verification of S2 to be had, but that's way outside of the scope for this issue, even if I do hope it gets covered someday.
This is a nit, but I would recommend considering something like minisign. PGP is... a beast, and probably less secure (in the grand scheme of things) than having one known minisign key.
Can easily have both, however.
Good look, and I think I'd probably agree with you that from a practical perspective, Minisign (or any other lightweight open source signing tool) would make more sense. I'll change the title of the issue accordingly.
In this issue it was mentioned that document modification/forgery is a concern. While it would still require individuals to verify a given version of the document is legitimate on their own, PGP signing the PDF would allow for verification to exist outside of GitHub, especially if your PGP key was shared in tamper resistant ways (timestamped on pastebin for a low complexity adversary example).
Easy to follow guide on Medium
Official Docs
Obviously this doesn’t protect against a nation state level attack on S2 Underground personal devices, but operating on that assumption is both incredibly difficult and probably not warranted.
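Worked example of the workflow the issue proposes (signing the published document, then verifying it with a saved public key independently of GitHub). This is an added example, not code from the issue, the repository or S2; it uses GnuPG as the thread discusses (minisign would be the same three steps with `minisign -S` / `minisign -V`). The key, the user ID `publisher@example.invalid`, the sample document and the forged copy are all constructed in throwaway temp directories.

```shell
#!/bin/sh
# Added example (not the repository's code): GnuPG detached-signature workflow.
# Publisher signs a file; a reader with only the saved public key verifies it
# offline, so a modified copy pushed to GitHub without the private key fails.
# Every key, file and user ID here is constructed for the demo.
set -eu

DEMO_UID="GhostNet Demo Publisher <publisher@example.invalid>"  # hypothetical

# Stop any gpg-agent started for a temp keyring, then delete the keyring.
cleanup_home() {
    GNUPGHOME="$1" gpgconf --kill all 2>/dev/null || true
    rm -rf "$1"
}

# Publisher side: throwaway signing-only Ed25519 key, public half exported
# to publisher.asc (the file a user would save once, e.g. from a pastebin).
make_publisher() {  # make_publisher <gnupghome>
    mkdir -p -m 700 "$1"
    GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" ed25519 sign 1d 2>/dev/null
    GNUPGHOME="$1" gpg --batch --armor --export "$DEMO_UID" > "$1/publisher.asc"
}

# Publisher side: armored detached signature written next to the document.
sign_document() {  # sign_document <gnupghome> <file>   ->  <file>.asc
    GNUPGHOME="$1" gpg --batch --yes --quiet --armor --detach-sign \
        --local-user "$DEMO_UID" --output "$2.asc" "$2"
}

# Reader side: verify in a fresh keyring holding only the saved public key.
# Returns 0 for a good signature over exactly this file, 1 for anything else
# (gpg prints an "untrusted key" warning for an uncertified key but still exits 0
# on a good signature; a tampered file or signature gives a non-zero exit).
verify_document() {  # verify_document <publisher.asc> <file>
    vhome=$(mktemp -d)
    GNUPGHOME="$vhome" gpg --batch --quiet --import "$1" 2>/dev/null
    if GNUPGHOME="$vhome" gpg --batch --verify "$2.asc" "$2" 2>/dev/null; then
        rc=0
    else
        rc=1
    fi
    cleanup_home "$vhome"
    return $rc
}

# Stand-alone demo: sign, verify, forge (edit the file, keep the old
# signature, as an attacker with repo access but no private key would), verify.
run_demo() {
    work=$(mktemp -d)
    make_publisher "$work/keys"
    printf 'GhostNet demo v1 (constructed sample, not the real document)\n' > "$work/doc.txt"
    sign_document "$work/keys" "$work/doc.txt"
    verify_document "$work/keys/publisher.asc" "$work/doc.txt" && echo "doc.txt: good signature"
    sed 's/v1/v2/' "$work/doc.txt" > "$work/forged.txt"
    cp "$work/doc.txt.asc" "$work/forged.txt.asc"
    verify_document "$work/keys/publisher.asc" "$work/forged.txt" || echo "forged.txt: BAD signature"
    cleanup_home "$work/keys"
    rm -rf "$work"
}

run_demo
```

A reader only needs `publisher.asc`, the document and its `.asc` signature; none of those have to come from GitHub, which is the point made in the thread about being able to move the document elsewhere. Revocation, also mentioned above, is a separate step (`gpg --generate-revocation`) whose output the publisher would distribute the same way as the public key.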