[Freedombox-discuss] my summary of yesterday's Hackfest
Jonas Smedegaard
dr at jones.dk
Tue Mar 1 18:34:18 UTC 2011
On Tue, Mar 01, 2011 at 07:04:53PM +0100, Melvin Carvalho wrote:
>On 1 March 2011 18:44, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> On 03/01/2011 12:33 PM, Melvin Carvalho wrote:
>>> But actually there is a way in the case of the Freedom Box, because
>>> you have the advantage of controlling your own server.
>>>
>>> Since you are already running a webserver and (hopefully) have
>>> control of your DNS.
>>>
>>> You can provide a two-way verification chain.
>>>
>>> 1. Your Person Profile publishes your public key. (this is a few
>>> lines of html5, should be easy)
>>> 2. Point your self-signed X.509 to your Freedom Box profile. This can
>>> be done by putting an entry in the SubjectAltName field of the cert, a
>>> common technique.
>>>
>>> This provides strong verification for all the X.509 tool chain and
>>> means you can talk security to any server using SSL/TLS which is
>>> most of them, providing strong authentication as a side product.
>>
>> This doesn't provide an adequate means of revocation, though. If an
>> attacker gets control over your key, and is able to repoint DNS, then
>> you cannot publish any revocation statement about this key through
>> this channel.
>
>If an attacker does gain these two points of control, and they knew
>what they were doing, you could have an issue yes.
>
>We need to scope out a revocation model, but I dont think it's that
>hard. May already be something existing, I'll have a check.
Without plauing with it yet myself, I blindly assumed Monkeysphere was
usable for exactly this: use GPG web of trust to assure certificates.
>> These two points are what i meant when i said that this model has "no
>> way of verifying/revoking these keys".
>>
>> I'm sure you could graft something like this onto <X.509+your scheme
>> above>; but OpenPGP already exists and handles these cases pretty
>> well. Why reinvent the wheel?
>
>Because X.509 is quite webby, and the web is the dominant ecosystem on
>the internet.
more specifically: TLS allows for RESTful secure identity handling -
which helps save bandwidth as is is friendly to proxies and other
caching.
http://www.w3.org/wiki/WebID
Your arguments about the trust model, Daniel, I agree with: we should
not (only) rely on existing certificate chains.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110301/a9336563/attachment.pgp>
More information about the Freedombox-discuss
mailing list