Congratulations! Missing 3.0.0 tag?

Randall S. Becker rsbecker at
Thu Sep 9 21:03:21 UTC 2021

On September 9, 2021 4:34 PM, Steffen Nurpmeso wrote:
>Randall S. Becker wrote in
> <014c01d7a5b7$a0a7d1f0$e1f775d0$>:
> ...
>You are right in everything that you say.
> |Strictly speaking, the signature on a tag is considered immutable and \  |transitively applies the signature to the commit (it does not
>really, \  |but the effect is the same). The signature on a tag becomes invalid \
>The tag namespace is separate though.  Not that it matters in practice.  Just saying.
> |if the underlying commit, or parents of that commit in git's Merkel \  |Tree changes, so it is quite a strong signature. AFIAK, adding a
>signature \  |to the commit itself does not really improve the strength of the signing \  |(much), unless one implements a multi-signature
>structure - like the \  |commit and signatures on three tags on the same commit. You have then \  |implemented a three-signature
>authority, which basically is a Blockchain\  |-style authority (not quite - I used "-style"), providing that you \  |do trust the signers. I think
>the word for that is "over-kill" 😉, \  |but maybe not in the case of OpenSSL.
>Well.  The thing is, to me, that commits happen much more often than tags.  Tags are in a different namespace also.  "Sealing the
>branches" with a signed commit at times helps in case of trouble, even for a distributed version control system like git, with its "hardened
>SHA-1" checksums.  So of course all the core developers and a lot of other people have full repo clones and shall someone break in some
>infrastructure and mess around the OpenSSL team could simply talk and exchange hashes, and reinstantiate the master proper.  For
>people having local clones that came in via git:// protocol even a signed commit here and there would really be nice.  (For my tiny things i
>offer only https?, and "seal" all stable/ and release/ branches as well as master, only the development branches have no signature.)

The git signature structure is based on GPG signatures for one, not SHA-1. The tag namespace does not matter here. The signature becomes invalid if the combined tree of the commit the tag references changes. If the commit is replaced, the signature becomes invalid regardless of who does it. You can replace a signed commit with another signed commit but you would need to have the public side of the GPG key to validate it. A tag would not point to the new commit without breaking the signature. No one could replace Richard's signature, for example, except for Richard on the openssl-3.0.0 tag. The "breaking the infrastructure" would have to reconstruct the Merkel Tree, which, even in SHA-1 has a one in a billion chance of working, but that is unlikely to result in useful source code.

So there is a certain amount of trust of the signatures of the committers - they should probably publish their public keys so we can do the validation. It might be helpful if GitHub moved to SHA-256 repositories, though.

More information about the openssl-users mailing list