Mandos + CentOS 6

Nathanael D. Noblet nathanael at gnat.ca
Mon Apr 7 17:25:09 CEST 2014


On Sun, 2014-04-06 at 13:17 +0200, Teddy Hogeborn wrote:
> "Nathanael d. Noblet" <nathanael at gnat.ca> writes:
> 
> > > As far as I know, OpenSSL can not use OpenPGP keys, and at the time
> > > I investigated, GnuTLS was the only TLS library to support it.  I
> > > also seem to recall that OpenSSL has a problematic license which
> > > precludes us from using it.
> >
> > So out of curiosity - why OpenPGP certificates + TLS? I realize the
> > transport protocol is encrypted and then you pass the password encrypted
> > via pgp, which the client has the key to decode. However I'm wondering -
> > why not simply use standard SSL/TLS website certificates to protect the
> > communication channels, and hand the client the encrypted password to
> > decode? 
> 
> The OpenPGP key serves an important security function.  The Mandos
> client doesn't simply *tell* the server which client it is and therefore
> what secret it wants the server to send it, the client *proves* to the
> server that it is indeed the client which is entitled to the secret
> which the server holds.  It works like this:
> 
> The Mandos client holds an OpenPGP public and private key pair.  The
> client connects to the server, and uses this OpenPGP key as its
> "certificate" in the TLS connection.  Therefore, the server sees the
> client's OpenPGP public key and can, by a successful TLS handshake, know
> that the client holds the corresponding OpenPGP secret key.
> 
> The server takes the fingerprint of the public key, and uses this
> fingerprint as an index to look up the client in its list of clients and
> the corresponding secret keys.  See, the server can *know* that the
> client did not fake this public key fingerprint, because the server did
> the fingerprinting itself, and the public key was verified by the
> handshake.  The server then sends the secret to the client over the
> established TLS connection.
> 
> (The fact that the secret must then be decrypted by the client using the
> same OpenPGP key is merely an additional layer of security, and not part
> of the fundamental design.)
> 
> For more details, see the section called NETWORK PROTOCOL in mandos(8).
> 
> I hope it is clear why conventional domain-name-based X.509 certificates
> would be completely inappropriate here.
> 

So I think I understand the above; however, as far as I'm aware you can
have two-way verification of X.509 certificates. The server verifies the
client's certificate and the client only provides its certificate to
valid servers, which essentially provides the same security as above,
with certificates signed by a trusted CA (which can be an in-house CA).
The server makes sure that the certificate provided is trusted and then
gets the client name from the certificate details (which can't be forged
and still have a valid certificate, if I'm not mistaken). I don't see
much difference between that and the OpenPGP certificate method. Am I
wrong?

> /Teddy Hogeborn
> 
> _______________________________________________
> Mandos-Dev mailing list
> Mandos-Dev at recompile.se
> https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev
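The lookup Teddy describes (the server fingerprints the key that the handshake proved and uses the fingerprint as the index into its client list), and the mutual-TLS variant Nathanael asks about, modelled end to end as an added Go example. This is not Mandos code: it uses throw-away self-signed X.509 certificates in place of OpenPGP keys, takes SHA-256 of the DER-encoded public key as the fingerprint (not the OpenPGP fingerprint algorithm), talks over a loopback TCP socket, and the names `selfSigned`, `Fingerprint`, `serverConfig` and `FetchSecret` are all invented for the example. The server chains the client certificate to no CA at all; the only acceptance criterion is that the key the client proved possession of is one the server already knows, so a second key presenting the same name is refused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throw-away self-signed certificate for a fresh key pair; it
// stands in for an OpenPGP key, so only the public key in it matters.
func selfSigned(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// Fingerprint is the server's lookup index: SHA-256 of the DER-encoded public key
// (hypothetical stand-in for an OpenPGP fingerprint), computed by the server itself.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// serverConfig demands a client certificate but chains it to no CA: the only
// acceptance test is that the proven key's fingerprint is in the secrets table.
func serverConfig(cert tls.Certificate, secrets map[string][]byte) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientAuth:   tls.RequireAnyClientCert,
		VerifyConnection: func(cs tls.ConnectionState) error {
			if _, ok := secrets[Fingerprint(cs.PeerCertificates[0])]; !ok {
				return errors.New("unknown client key fingerprint")
			}
			return nil
		},
	}
}

// FetchSecret runs one exchange over loopback: the server sends the secret indexed
// by the key the client just proved; the client pins the server certificate.
func FetchSecret(srvCert, clientCert tls.Certificate, secrets map[string][]byte) ([]byte, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		conn := tls.Server(raw, serverConfig(srvCert, secrets))
		defer conn.Close()
		if conn.Handshake() != nil {
			return // unknown fingerprint: the client gets an alert, never a secret
		}
		conn.Write(secrets[Fingerprint(conn.ConnectionState().PeerCertificates[0])])
	}()
	pool := x509.NewCertPool()
	pool.AddCert(srvCert.Leaf)
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: []tls.Certificate{clientCert},
		RootCAs:      pool,
		ServerName:   srvCert.Leaf.DNSNames[0],
	})
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(10 * time.Second))
	// Under TLS 1.3 the server's verdict on the client key arrives after the
	// client's own handshake completes, so a rejection surfaces as a read error.
	return io.ReadAll(conn)
}
```

Two keys generated under the same name get different fingerprints, so the second one is refused at the handshake even though its certificate "claims" the same identity: the name in the certificate is never consulted, only the key. That is the property the thread is discussing; whether the key arrives as an OpenPGP certificate or as an X.509 wrapper around it does not change the lookup, what changes is whether a CA signature is additionally required before the fingerprint is checked.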
