[wp-trac] [WordPress Trac] #18577: Updates and downloads should be signed or delivered securely
WordPress Trac
noreply at wordpress.org
Thu Aug 1 03:41:18 UTC 2013
#18577: Updates and downloads should be signed or delivered securely
-----------------------------+------------------------------
Reporter: wplid | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------------------
Comment (by rmccue):
Initially, I was thinking that this might cause problems with load,
especially for downloads. However, if we generate a key statically (that
is, it's not time-based), then we can use this fairly freely with regards
to that. As for performance, I'm not sure how fast generating signatures
dynamically is, but I suspect not fast enough to perform in userland PHP.
Ideally, this could be run on the upstream server (nginx for
api.wordpress.org).
There are tonnes of projects that sign their downloads with GPG and make
that signature available, so this seems like a fairly tried-and-tested
solution. There is a [http://www.php.net/manual/en/book.gnupg.php GPG]
extension in PECL, but no other support. As far as I know, OpenPGP is just
a layer on top of the actual encryption, so we *could* look at
implementing that (which [https://github.com/jasonhinkle/php-gpg has
partially been done]), but that smells a lot like implementing our own
encryption (duck_ may know further on this one).
I think for now:
1. Start signing core and plugin releases on .org, which can be done
statically when the zips are built
2. Include the public key for releases (in an unfilterable manner, most
likely in `version.php` or similar).
3. Start checking the signature for downloads against the public key
While this is being worked out, we can hopefully do performance testing to
indicate whether it's viable to sign all requests. Regardless of SSL, we
should probably be checking a signature anyway.
Thoughts?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list