System trust configuration and local root keygen
AbandonedPublic
Actions

Authored by eric_metricspace.net on Aug 3 2018, 1:54 AM.

Details

Reviewers

None

Group Reviewers

manpages

Summary

This is a part of the work on trust.

This adds a man page describing the system trust configuration, entries to the mtree files and hier(7) man page, and an rc script for generating local root keys.

This is not intended to be integrated anytime soon.

Test Plan

This has been tested out.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

eric_metricspace.net created this revision.Aug 3 2018, 1:54 AM

Herald added a reviewer: manpages. · View Herald TranscriptAug 3 2018, 1:54 AM

Herald added subscribers: Contributor Reviews (src), imp. · View Herald Transcript

An alternative I'm considering: have a seldom-used master key named something like "machine", "master", "root", etc. which is the local trust root key. Have "local" be an intermediate keypair, signed by this master key. The master key acts only as a key-signing certificate; it cannot sign code or issue general signatures. The local key can issue more general signatures.

Then have signelf default to the local key, rather than the master key.

eric_metricspace.net added a child revision: D16563: Add signelf utility.Aug 3 2018, 2:23 AM

eric_metricspace.net mentioned this in D16563: Add signelf utility.

Trying to limit myself to reviewing as manpages and not getting into the design itself...

share/man/man7/trust-config.7
38	This is interpreted as "5)" being the macro argument. For parallelism, I'd suggest: .Po see .Xr signed-elf 5 Pc
39	Start new sentences on a new line, please.
43	TERMINOLOGY is not a standard section name (see mdoc(7)); perhaps a subsection is more appropriate, with a list for the individual terms?
69	intermediates are never leaf certs, right? Do you want to say that?
77	What are "assets"?
89	I'd suggest using a Bl variant that allows item heads and skipping the colons.
175	With the same file name, or DN/SAN? If the former, that's kind of an awkward requirement to impose.
185	I don't think Qq is very common -- I see a lot more Dq.
226	DEFAULT is also not a standard section name.

I've checked the mdoc syntax. It is going to be fine after the changes suggested by @bjk.

Cheers!

share/man/man7/trust-config.7
141	You may consider using `Qq Pa` for `.pem` (or `Dq` instead of `Qq` as suggested by @bjk).
142	You may consider using `Qq Pa` for `.pem` (or `Dq` instead of `Qq` as suggested by @bjk).
146	You may consider using `Qq Pa` for `.pem` (or `Dq` instead of `Qq` as suggested by @bjk).
185	Yeah, Dq is much more popular. In fact, you rarely see Qq and Sq in the wild: the only manpage I can remember to use those a lot is sh(1). Sq seems to be used primarily to quote single characters. If I were to rewrite most of manpages I'd go for Qq instead of Dq but it won't happen any time soon. 😄