Comments (4)
Thanks, this is useful context. I think modelling the association to a principal via an interface with the extra Identify() method is quite dangerous in Go though, since anything that implements that method implicitly implements the interface. So, for instance, a "malicious" wrapper may not only implement EmitStatement, but also Identify so that it returns some other principal, which would allow it to impersonate something else. The top-level can still override that (and hopefully it does), but it's risky because if it forgets, then the impersonated principal will be used.
I guess another option is to instead use a method that accepts an object that implements EmitStatement, and then an explicit principal as another parameter. Then this method will only be usable by the top-level, so there is no risk of impersonation.
But let me know if there is something else I'm missing.
from transparent-release.
I don't actually think any of these choices defend against a malicious wrapper. Even if you just pass a principal as another argument, the text that a malicious wrapper emits in the body could be wrong. The point of separating it this way is to just let the consumer of the wrapper set the names of the principals separately from the bodies for convenience, not to defend against a malicious wrapper (I don't really think that's possible). So since none of these choices are indistinguishable in terms of defending against malicious wrappers, I am inclined to leave it as-is.
from transparent-release.
Even if you just pass a principal as another argument, the text that a malicious wrapper emits in the body could be wrong.
Yes, but at least (thanks to authorization logic) it would not affect others that don't already trust that principal, right? That to me seems quite desirable. Then again, of course all of this ends up compiled into a single binary, so it's hard to really say that someone trusts one wrapper and not another, but at least conceptually I think it makes sense.
from transparent-release.
Closing because we're not doing this
from transparent-release.
Related Issues (20)
- Use `multierr` instead of `VerificationResult`
- Better follow the go-style guide throughout
- Use cmp in tests
- Add `buildType` to `ProvenanceIR`
- Add verification step URI of repo
- Check that crash detection is generalizable for all types of crashes
- Extend Tests of Generate Endorser using Reference Values HOT 1
- Verify Provenance is built by a Trusted Builder
- Verify that a provenance is signed by a Trusted Builder
- Add `WithBuilderImageDigest` to `fromSLSAv02`
- Verify only values from provenance
- Document steps to add a new provenance format and field to `ProvenanceIR`
- Change `GenerateEndorsement` to take provenances as ProvenanceIR HOT 1
- Rename the "common" package to a more descriptive name
- Improve the claim-transparency documentation
- Deprecate Amber provenance
- Better package names in `pkg`
- Improve the use of strings in reference values & ProvenanceIR
- Allow provenance-less endorsement generation
- Include VerificationOptions in the endorsement
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from transparent-release.