Bug 16065 – Provide digitally signed binaries for Windows

Status
RESOLVED
Resolution
WORKSFORME
Severity
enhancement
Priority
P1
Component
installer
Product
D
Version
D2
Platform
All
OS
Windows
Creation time
2016-05-23T18:17:12Z
Last change time
2020-03-21T03:56:36Z
Assigned to
No Owner
Creator
James King

Comments

Comment #0 by 1337 — 2016-05-23T18:17:12Z
Hi all! Would it be possible to provide digitally signed binaries for the DMD Windows installers? Additionally, though this is likely outside the scope, perhaps [eventually] LDC and GDC installers could be hosted here as well [and signed]? Currently they are delivered over HTTP, and there is no way to be certain that the files truly originated from the downloads.dlang.org server or somewhere else. Even if HTTPS and HSTS were made available, this wouldn't protect users in a hypothetical scenario where the web server itself was compromised or where a Man-in-the-Middle attack had replaced the D website with another website that had a 'valid certificate' issued by another CA. I realize that this may be tricky to add into the build/release process, as protecting the signing key now becomes a critical issue, but I wanted to bring it up as I saw no previous or existing issues that covered this topic. Thank you for your consideration.
Comment #1 by dfj1esp02 — 2016-05-24T10:32:01Z
Signatures on binaries can be forged in the same way: obtain a valid certificate with a similar CN and use it.
Comment #2 by 1337 — 2016-05-25T18:45:40Z
It would be nice if there was something akin to a "D Language Foundation" certificate issued by VeriSign or equivalent. The difficulty and effort required to compromise (or "compromise") both the delivery mechanism (https://downloads.dlang.org) and the delivery package (the signed executable) become significantly harder with each added security mechanism.
Comment #3 by dfj1esp02 — 2016-05-26T13:49:51Z
A more reliable mechanism would be a PGP signature. If you check against only one key, it will be equivalent to key pinning. Oh, and the ultimate security is to build everything from source.
Comment #4 by b2.temp — 2016-05-26T14:28:55Z
"-4" for the Windows certificate because:
- It is not free. It's a commercial system, e.g. there are companies whose business it is to sell them.
- Companies who deliver them for free do it only for FOSS, but DMD is not fully FOSS.
- This system usually just reassures people who know nothing about software, but since DMD is dedicated to programmers this is not useful at all.
- This system means nothing unless the software checks itself for the certificate at run-time (e.g. Windows only checks on execution if UAC is toggled on).
Windows certificates are just a trick invented in the early 2010s to steal the money of developers. The impact on security is very low, since this system would have been useful ten years before (early 2000s, XP, the freeware galore, ...) when Windows was still the main platform used as a malware vector. I would advise you not to waste time getting DMD, the tools and the installer signed. ;)
Comment #5 by 1337 — 2016-06-07T15:35:19Z
PGP signatures work fine for *nix systems, but this requires either compiling PGP from source for Windows, or finding some other distributor of PGP binaries for Windows before you can even run the check. To add to that, PGP signatures must also be delivered over HTTPS, and even then, again, the only barrier to supplying a bad binary is to gain access to the web server. On the other hand, with signed code, an attacker has to compromise both the web server (delivery mechanism) and go through the process of obtaining a code signing key that looks legitimate enough from a CA that issues them. Not necessarily the hardest problem, but it's a two-step process. I will agree that it is disappointing that the pricing is as steep as it is ($84 to $800 per year, depending on the vendor), but I would argue that the lower end is a manageable price if it helps prevent bad binaries from being distributed. The ones I found on the lower end were Comodo (directly and indirectly), GoDaddy, GlobalSign, and DigiCert.
Comment #6 by dfj1esp02 — 2016-06-08T12:25:50Z
(In reply to James King from comment #5)
> To add to that, PGP signatures must also be delivered over HTTPS
AFAIK, they can be delivered over HTTP just fine. It's a key property of a digital signature that it can't be realistically forged, because of the math behind cryptography.
> and even then, again, the only barrier to supplying a bad binary is to gain access to the web server.
The signature doesn't prevent supplying a bad binary from the web server. It prevents running the bad binary if the user checks the signature, pays attention to the failed check and decides not to run it.
Comment #7 by dfj1esp02 — 2016-06-10T17:14:14Z
BTW looks like distribution archives are already signed, see keys at https://dlang.org/gpg_keys.html
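The verification flow argued over in comments #1, #3 and #6 (a detached signature plus one pinned key, fetched over plain HTTP, tampered archive rejected, attacker's own key rejected) as an added, runnable model. This is not code from the D project or from anyone in this thread: it uses Go's standard-library ed25519 as a stand-in for the OpenPGP signatures dlang.org actually publishes, and the archive bytes, key names and scenario labels are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// SampleArchive is a constructed stand-in for a downloaded release archive;
// it is not the content of any real dmd release.
var SampleArchive = []byte("dmd.2.071.0.windows.7z: constructed sample bytes\n")

// ReleaseKey models the project's signing key pair. Only the release
// process holds Priv; users only ever see Pub.
type ReleaseKey struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

// NewReleaseKey generates a fresh pair (stand-in for the long-lived key
// a project publishes on its key page).
func NewReleaseKey() (*ReleaseKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &ReleaseKey{Pub: pub, Priv: priv}, nil
}

// SignArchive produces a detached signature, the analogue of the .sig
// file served next to an archive.
func (k *ReleaseKey) SignArchive(archive []byte) []byte {
	return ed25519.Sign(k.Priv, archive)
}

// Fingerprint is the short value a user pins out of band (e.g. copied from
// the project's key page) before trusting any downloaded key file.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

var ErrBadSignature = errors.New("signature does not verify; do not run this download")

// VerifyDownload checks a downloaded key file, archive and detached signature
// against the fingerprint the user pinned. All three inputs may have arrived
// over plain HTTP or from a compromised server: without the private key nobody
// can produce a signature that passes, and a swapped key file is caught by the
// fingerprint comparison. Checking against exactly one key is the "key pinning"
// of comment #3.
func VerifyDownload(pinned string, pub ed25519.PublicKey, archive, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	if got := Fingerprint(pub); got != pinned {
		return fmt.Errorf("key fingerprint %s does not match pinned %s", got, pinned)
	}
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, archive, sig) {
		return ErrBadSignature
	}
	return nil
}

// RunScenarios plays out the cases from the discussion and reports, per
// case, whether the download would be accepted.
func RunScenarios() (map[string]bool, error) {
	project, err := NewReleaseKey()
	if err != nil {
		return nil, err
	}
	attacker, err := NewReleaseKey()
	if err != nil {
		return nil, err
	}
	pinned := Fingerprint(project.Pub) // pinned once, out of band
	sig := project.SignArchive(SampleArchive)

	// Compromised server: archive with one byte flipped.
	tampered := append([]byte(nil), SampleArchive...)
	tampered[0] ^= 0x01

	accepted := func(err error) bool { return err == nil }
	return map[string]bool{
		// Genuine archive, genuine signature, genuine key.
		"genuine": accepted(VerifyDownload(pinned, project.Pub, SampleArchive, sig)),
		// Server swaps the archive but can only keep the old signature.
		"tampered_archive": accepted(VerifyDownload(pinned, project.Pub, tampered, sig)),
		// Server signs the replacement with its own key but leaves the key file.
		"attacker_sig": accepted(VerifyDownload(pinned, project.Pub, tampered, attacker.SignArchive(tampered))),
		// Server also swaps the key file (the "similar-looking key" case of comment #1).
		"attacker_key_and_sig": accepted(VerifyDownload(pinned, attacker.Pub, tampered, attacker.SignArchive(tampered))),
	}, nil
}

func main() {
	out, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for name, ok := range out {
		fmt.Printf("%-22s accepted=%v\n", name, ok)
	}
}
```

Only the genuine case is accepted; the other three fail at either the fingerprint check or the signature check. Note what this does and does not buy, as comment #6 says: the server can still serve the bad archive, and the check only helps a user who actually runs it and stops on failure, so a real installer flow should refuse to proceed rather than merely warn.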
Comment #8 by b2.temp — 2019-11-03T18:43:46Z
This has been done for a full year or so now.