[wp-trac] [WordPress Trac] #25052: Updates and downloads should be signed
WordPress Trac
noreply at wordpress.org
Tue Sep 10 06:22:09 UTC 2013
#25052: Updates and downloads should be signed
-----------------------------+------------------
Reporter: samuelsidler | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.7
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------
Changes (by dd32):
* milestone: Awaiting Review => 3.7
Comment:
Marking as 3.7 for review.
> +1 Would this be a secure API call or a copy/paste from wordpress.org?
The latter probably being less of an issue, for example a button the
prompts for the pasted hash from wordpress.org and then does a check.
I'm not 100% on the cryptographic's behind it, but one suggestion that's
been given to me is that we'd include a pre-shared public key in
WordPress, we'd sign packages (Core, Plugin, and, Theme zip's) on the
server-side with a private key allowing WordPress to verify the package
source.
Another option is that the Zip contains a signed hash of the files
contained within, and that's what's verified.
There would be no user interaction in the verification process.
This signing may not be needed however, as it would effectively
duplicating the HTTPS efforts in #25007 - The checks done there verify
that the URL the packages are being downloaded from (if HTTPS, which is
the default for 3.7+ if the local WordPress install supports it) have a
valid SSL certificate for the *.wordpress.org domain.
However, there is the possibility that someone could get their own
wordpress.org certificate from a compromised trusted CA or from a signing
agency that doesn't verify things correctly.. To combat that, we can Pin
the WordPress.org SSL certificate so that we're guaranteed that the HTTPS
connection is to WordPress.org - #25252
With that in mind, Any package signing may not bring anything extra to the
table.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25052#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list