BLU Discuss list archive
[Discuss] Why the dislike of X.509?
- Subject: [Discuss] Why the dislike of X.509?
- From: bill.n1vux at gmail.com (Bill Ricker)
- Date: Mon, 25 Aug 2014 15:54:51 -0400
- In-reply-to: <023d694b896d29f060da27a977f040d4.squirrel@mail.mohawksoft.com>
- References: <53F9F6B9.4060505@stephenadler.com> <20140824161132.GE14848@randomstring.org> <be314521ab6bebb6add54d706b042f01.squirrel@mail.mohawksoft.com> <53FA1C3B.70908@gmail.com> <53FB19E5.4080602@aeminium.org> <53FB4A5D.2030305@gmail.com> <CA+h9Qs5GnC6d1ejBQC=crtHwxoDiFWo4Kn+xjt0eiA8Kr733_A@mail.gmail.com> <53FB70E6.50706@gmail.com> <CAAbKA3VMpFi37aJ2510XXUYLQu4qEMPYfhDWU6aBd9oXGnTcNw@mail.gmail.com> <023d694b896d29f060da27a977f040d4.squirrel@mail.mohawksoft.com>
On Mon, Aug 25, 2014 at 2:20 PM, <markw at mohawksoft.com> wrote:
> You are talking about browser fuckary, not openvpn. Openvpn uses the
> hierarchical PKI of x509, but has no default "trusted" CAs.

That a VPN doesn't require or apparently use the installed 'default "trusted" CAs' doesn't necessarily mean it successfully ignores them. If it uses the same SSL library as a browser -- on any platform -- that assertion has to be demonstrated to be true. I hope you're right. Hope is not good enough to a security auditor. Show me.

I share Rich's concern about Key Escrow anytime, anywhere, and understand why VPN and/or PKI smells similar to him.

But if Rich is worried about a private corporate self-hosted OPEN-VPN implemented with self-signed local-root CA key acting as key escrow, well, that is irrelevant for VPN use-case WHEN (actually) PRIVATELY HOSTED. (Aside from my hypothetical inadvertent public root trust concern.) Yeah, you trust the Admin running it, who gen'd and self-signed their key and your key too, and the Corp that owns it. Your bits go to their server eventually when you VPN into them anyway, so why not? If Corp VPN and users exchange secret keys out of band instead of issuing client&server private PKI x.509 certs out of band, the Corp is still in position to cough up everything. If the Corp node in the VPN is subverted or subpoenaed, the traffic can be gotten at point of egress from the tunnel by the corporate owner (or by subverted systems) even easier. VPN use-case does NOT protect users from VPN host.

(Likewise with unsigned SSH RSA keys, either end-point can spill what's before or after the tunnel, and recipient Host can add bogus keys to allow Eve to log in as Alice, just as Root can make a second username/password with same numeric userid to read/write all your files, if there isn't second-factor auth.)

But Rich is right that with Commercial VPN providers (whether based on OpenVPN or proprietary stacks), yes, the moral equivalent of key escrow is a very real concern, whether X509 PKI or not, but X509 complicates matters. Need to find out in each case if the nuts-and-bolts allow the Provider to answer a subpoena/NSL to cough up keys or implement a MITM tap without help from each client Corp's admin, if their PKI gives them back door, or if it requires customer cooperation. VPNs as a service have a big trust issue.

VPNs implemented locally are locally centralized. This provides a single locus within the Corp for an opponent to attack by hack or by legal pressure, but this Centralization doesn't intrinsically change the trust model. (unless you for some reason trust your local Root ops more than Corp Network Operations, which would be a problem of another sort). (and unless the product "implemented locally" uses a hardware Vendor CA chain instead of truly local keying, in which case it isn't really local, see 'as a service' above !!)

Your bits travelling through employer are not totally protected and never will be, even if some courts say you have an expectation of privacy (for some purposes). Your bits travelling through a Partner's system who gives (sells) you VPN access into their systems for some mutual benefit aren't protected from them after they emerge from the tunnel either, so their having escrow-equivalent ability to recover/spoof/whatever your keying matter is pretty irrelevant. Both Employer and Partner entities will respond to Subpoena / NSL. Nobody should expect otherwise.

(Which doesn't change that anything that smells like escrow smells 'off' to those who care about security that really works. From what Rich has said re dates, his allergy to escrow likely stems from the same controversy as mine.

http://www.cryptomuseum.com/crypto/usa/clipper.htm
http://en.wikipedia.org/wiki/Clipper_chip#Backlash

X509 PKI is not normally considered an escrow regime in normal usage, but Rich is quite correct that central CAs or other registries have *abilities* that are hard to distinguish from Escrow - even if they never know your private key, they can at the very least forge another one with the same apparent identity, and so spoof you to others -- or spoof someone important to you. With a VPN or other Central registry that totally generates all keying matter (rather than signing public half of pub/priv key the client app creates), they may actually literally escrow too. But that would be wrong. Moving RSA-style private keys of an asymmetric public/private is a mortal sin in cryptography; if you are sharing a secret, might as well be a shared symmetric key. Multiple Load-balancers all terminating connections for same public cert with copies of a private key is dubious practice.)

--
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux