Air-gapped inspection strategy #9
Description
The current users of the Fulcio roots distributed via the TUF repository all seem to rely on an active internet connection being available. This, of course, provides the best guarantee that roots are in their latest form and protects against freeze attack.
In our use case, we don't have a guarantee that our software will always have internet access or have internet access on first launch. Additionally, while the latest online guarantee might be a good default for signature policy verification, we also have use cases for signature inspection to understand the identity/source of the image. In such cases, rather than software stopping to work when there is no internet or all images showing up as unsigned, a better experience would be to verify the correctness of the signature, and if the machine happens to be offline and the latest version of roots couldn't be pulled, then raise an additional warning with the time of the last update.
With some hackery to the fetcher component of TUF client and using two clients in case one gets disabled by an update error, I got the current state into place where:
- first lauch in air-gapped environment sets up initial TUF state from embedded repository
- launches with existing cache verify the correctness of the root chain from the embedded starting point. This is done by saving all the incremental versions of root.json between the embedded root and the most recent one.
This works for the cases where recent Docker is launched for the first time or where the internet intermittently drops out. The problem is that once the timestamp.json (7days) or root.json (6 months) expires, there is no way to start the TUF client without an online update.
Options:
- Try to get an "unsafe" parameter to TUF upstream and sigstore-go to allow such air-gapped usage. There are some parameters like this already. TUF client already has a parameter for setting time reference that could technically work, but would be very hacky, and I'm not sure if sigstore-go would like to expose that.
- Fail all signature inspections. For things that have been previously verified, we could keep a cache and show the result from it.
- Technically, we could just use the trusted_root.json from the embedded sector or from the recent cache directly without any TUF verification. Or use the embedded one if we confirm that it still has the same certs as the latest cache one. In practice, this wouldn't be a huge security concern, but I think it is much weaker than actually doing the whole TUF verification and just deciding to ignore the timestamp. In both cases,we would still put up a warning to the user about the state of the roots that was used during verification.
I wonder as well if we should attempt to detect internet connection in some other ways to distinguish between an offline machine and no connection, specifically to the TUF repository.