Mandos + CentOS 6
Nathanael D. Noblet
nathanael at gnat.ca
Mon Jun 30 15:32:51 CEST 2014
I haven't done anything else. It works but you can't use clients who've
linked to different versions of gnutls.
--
Nathanael
On Sun, 2014-06-29 at 23:43 +0200, Erik Logtenberg wrote:
> Hi,
>
> Has there been any further progress on getting Mandos to work with
> RHEL/Fedora/CentOS?
>
> Thanks,
>
> Erik.
>
>
> On 04/13/2014 06:23 PM, Teddy Hogeborn wrote:
> > "Nathanael D. Noblet" <nathanael at gnat.ca> writes:
> >
> >>>>> As far as I know, OpenSSL can not use OpenPGP keys, and at the
> >>>>> time I investigated, GnuTLS was the only TLS library to support
> >>>>> it. I also seem to recall that OpenSSL has a problematic
> >>>>> license which precludes us from using it.
> >>>>
> >>>> So out of curiosity - why opengpg certificates + TLS?
> > [...]
> >>> The OpenPGP key serves an important security function.
> > [...]
> >>> For more details, see the section called NETWORK PROTOCOL in
> >>> mandos(8).
> >>>
> >>> I hope it is clear why conventional domain-name-based X.509
> >>> certificates would be completely inappropriate here.
> >>
> >> So I think I understand the above, however as far as I'm aware you can
> >> have two way verification of x.509 certificates. The server verifies
> >> the clients certificate and the client only provides its certificate
> >> to valid servers. Which essentially provides the same security as
> >> above. With certificates signed by a trusted CA (which can be an in
> >> house CA). The server makes sure that the certificate provided is
> >> trusted and then gets the client name from the certificate details
> >> (which can't be forged and still have a valid certificate if I'm not
> >> mistaken). I don't see much difference between that and the OpenPGP
> >> certificate method. Am I wrong?
> >
> > No, I think your proposed scheme would basically work. It has, however,
> > a few issues:
> >
> > 1. Clients would need to arrange for their X.509 certificates to be
> > signed by a CA which the Mandos server trusts. This is an additional
> > complication not needed with the existing protocol.
> >
> > 2. You say that "[...] the client only provides its certificate to valid
> > servers.". Why? This additional step could probably be added to the
> > existing protocol, but what additional security does it provide?
> > What attack does it prevent?
> >
> > 3. Your proposed scheme uses X.509 certificates. These are
> > fundamentally unsuitable for our purposes due to:
> >
> > a) Their main orientation towards certificate authority signing
> > chains. We do not use this feature in Mandos, so there is every
> > reason to prefer the simpler OpenPGP keys instead.
> >
> > b) The enormous complexity of X.509. See here for more details:
> > <https://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf>
> > This complexity has lead to very many bugs in a lot of software
> > over the years, including Apple's recent "goto fail" bug.
> >
> > 4. "GPG for data at rest. TLS for data in motion." is a rather well-
> > known quote by Thomas Ptacek in a dialog he wrote about best
> > practices in cryptography: <http://e-x-a.org/articles/typing-a-e-s/>
> > If we want to follow that principle, we should encrypt the data with
> > OpenPGP when it is "at rest" in the Mandos server. This means the
> > client needs an OpenPGP key *anyway* to decrypt this data. So we
> > already have an OpenPGP key to use in the TLS connection. Using an
> > additional X.509 certificate for the TLS connections seems
> > nonsensical given that TLS already supports OpenPGP keys.
> >
> > Also, we designed the protocol to use OpenPGP keys because we *like*
> > OpenPGP keys, and we wrote the program to use GnuTLS because we *like*
> > GnuTLS - and that is only partly because it supports OpenPGP keys in
> > TLS.
> >
> > We have, so far, managed to avoid *all* major bugs in TLS libraries that
> > have been released in recent years. We use GnuTLS, which is not subject
> > to the Heartbleed bug or to the "goto fail" bug, and the recent bug *in*
> > GnuTLS bug only affected verification of X.509 certificates. Therefore,
> > I feel irrationaly pleased with our intuitive choices of technologies
> > and libraries.
> >
> > /Teddy Hogeborn
> >
> _______________________________________________
> Mandos-Dev mailing list
> Mandos-Dev at recompile.se
> https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev
>
More information about the Mandos-Dev
mailing list