Mandos + CentOS 6

Teddy Hogeborn teddy at recompile.se
Sun Apr 6 13:17:20 CEST 2014


"Nathanael d. Noblet" <nathanael at gnat.ca> writes:

> > As far as I know, OpenSSL can not use OpenPGP keys, and at the time
> > I investigated, GnuTLS was the only TLS library to support it.  I
> > also seem to recall that OpenSSL has a problematic license which
> > precludes us from using it.
>
> So out of curiosity - why OpenPGP certificates + TLS? I realize the
> transport protocol is encrypted and then you pass the password encrypted
> via pgp, which the client has the key to decode. However I'm wondering -
> why not simply use standard SSL/TLS website certificates to protect the
> communication channels, and hand the client the encrypted password to
> decode? 

The OpenPGP key serves an important security function.  The Mandos
client doesn't simply *tell* the server which client it is and therefore
what secret it wants the server to send it, the client *proves* to the
server that it is indeed the client which is entitled to the secret
which the server holds.  It works like this:

The Mandos client holds an OpenPGP public and private key pair.  The
client connects to the server, and uses this OpenPGP key as its
"certificate" in the TLS connection.  Therefore, the server sees the
client's OpenPGP public key and can, by a successful TLS handshake, know
that the client holds the corresponding OpenPGP secret key.

The server takes the fingerprint of the public key, and uses this
fingerprint as an index to look up the client in its list of clients and
the corresponding secret keys.  See, the server can *know* that the
client did not fake this public key fingerprint, because the server did
the fingerprinting itself, and the public key was verified by the
handshake.  The server then sends the secret to the client over the
established TLS connection.

(The fact that the secret must then be decrypted by the client using the
same OpenPGP key is merely an additional layer of security, and not part
of the fundamental design.)

For more details, see the section called NETWORK PROTOCOL in mandos(8).

I hope it is clear why conventional domain-name-based X.509 certificates
would be completely inappropriate here.

/Teddy Hogeborn

-- 
The Mandos Project
http://www.recompile.se/mandos
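The lookup described in the reply above, as an added example that is not part of the original post or of the Mandos code base: a Python sketch of the server side, where the only identity input is the public key the TLS layer reports for the peer. It assumes the handshake has already proved possession of the matching secret key; the key packets are constructed toy values, laid out per the RFC 4880 version-4 key packet and fingerprint definitions, which the post itself does not cite.

```python
import hashlib
import struct
from typing import Dict, List, Optional

# Added example, not Mandos code: server-side lookup keyed by the fingerprint
# of the OpenPGP key that the TLS handshake authenticated.

def v4_public_key_packet(created: int, algorithm: int, mpis: List[int]) -> bytes:
    """Minimal RFC 4880 v4 public-key packet body: version byte, 32-bit creation
    time, algorithm id, then each MPI as a 16-bit bit count plus big-endian bytes
    (for RSA, algorithm 1, the MPIs are n and e)."""
    body = b"\x04" + struct.pack(">I", created) + bytes([algorithm])
    for n in mpis:
        bits = n.bit_length()
        body += struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")
    return body

def openpgp_v4_fingerprint(key_packet_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte packet length and the body."""
    data = b"\x99" + struct.pack(">H", len(key_packet_body)) + key_packet_body
    return hashlib.sha1(data).hexdigest().upper()

class MandosLikeServer:
    """Encrypted secrets indexed by the fingerprint of each client's key."""

    def __init__(self, clients: Dict[str, bytes]) -> None:
        self.clients = clients

    def secret_for(self, handshake_peer_key: bytes) -> Optional[bytes]:
        # Only input: the key the TLS layer reports for the peer, trusted solely
        # because the handshake proved possession of the matching secret key
        # (assumed to have already happened).  There is deliberately no
        # parameter for a client-supplied identity or fingerprint.
        return self.clients.get(openpgp_v4_fingerprint(handshake_peer_key))

# Constructed sample keys with toy MPIs; not real OpenPGP keys.
KEY_A = v4_public_key_packet(1396782000, 1, [0xC0FFEE123456789, 65537])
KEY_B = v4_public_key_packet(1396782000, 1, [0xDEADBEEF9876543, 65537])
SECRET_A = b"<pgp-encrypted root fs passphrase for client A>"
SERVER = MandosLikeServer({openpgp_v4_fingerprint(KEY_A): SECRET_A})

if __name__ == "__main__":
    assert SERVER.secret_for(KEY_A) == SECRET_A   # A's own key: found
    # B may know A's fingerprint, but the handshake authenticated B's key,
    # so the lookup uses B's fingerprint and finds nothing.
    assert SERVER.secret_for(KEY_B) is None
    print("fingerprint of A:", openpgp_v4_fingerprint(KEY_A))
```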