As we know, the use of the rulesets currently requires blind trust on our signing key. It also requires trust from the users that the same ruleset is being shipped to everybody at the same time. Even with our best intentions, if the key was compromised, properly scoped and targeted attacks would remain undetectable.
This ruleset is a natural target for transparency properties: we already archive all the past lists, and we already sign them when we ship them. The Sigsum's developers have suggested that for a long time, as Sigsum is currently the lightest transparency log that's available. It only required an ed2559 private key, and it does support pretty much all the security features we could need. Incidentally, we've also already written a Sigsum verifier (sigsum-ts) for WEBCAT anyway, and it has no runtime dependencies, it pretty minimal and uses the web crypto API as TBB also currently does.
The implementation is here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-152.0a1-16.0-2/browser/components/onionservices/OnionAliasStore.sys.mjs?ref_type=heads
Since we are schedule to rotate the key anyway, and this has been on the table for discussion for a while, it could be a good moment to see if TBB would be interested. We can probably provide the TBB implementation part as well pretty easily.
As a result, I believe we could also simplify our signing procedures quite a bit.
As we know, the use of the rulesets currently requires blind trust on our signing key. It also requires trust from the users that the same ruleset is being shipped to everybody at the same time. Even with our best intentions, if the key was compromised, properly scoped and targeted attacks would remain undetectable.
This ruleset is a natural target for transparency properties: we already archive all the past lists, and we already sign them when we ship them. The Sigsum's developers have suggested that for a long time, as Sigsum is currently the lightest transparency log that's available. It only required an ed2559 private key, and it does support pretty much all the security features we could need. Incidentally, we've also already written a Sigsum verifier (sigsum-ts) for WEBCAT anyway, and it has no runtime dependencies, it pretty minimal and uses the web crypto API as TBB also currently does.
The implementation is here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-152.0a1-16.0-2/browser/components/onionservices/OnionAliasStore.sys.mjs?ref_type=heads
Since we are schedule to rotate the key anyway, and this has been on the table for discussion for a while, it could be a good moment to see if TBB would be interested. We can probably provide the TBB implementation part as well pretty easily.
As a result, I believe we could also simplify our signing procedures quite a bit.