* Re: [gentoo-dev] [RFC] New project: Crypto
From: Kristian Fiskerstrand @ 2015-12-28 15:15 UTC
To: gentoo-dev@lists.gentoo.org
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or unexpected send a response and request a signed confirmation]
> On 28 Dec 2015, at 16:07, Kristian Fiskerstrand <k_f@gentoo.org> wrote:
>
>
> The main issue is key storage, though. For signatures you can use a dedicated signing subkey, however you get into problems with encrypted emails as mobile devices are not really secure devices and should never have cryptographic material. What could work in this case is an NFC (or for that matter Bluetooth, although it needs to be properly paired etc etc) channel with a separate device with a separate keychain and display so you can verify the request, and never
This should read pinentry, the existence of a keyring is implicit to the use case.
> actually expose private key material to the cellphone.
>
> In the meantime I just include the notice whenever I don't sign, at least some people notice it and give it another thought.

* Re: [gentoo-dev] [RFC] New project: Crypto
From: Rich Freeman @ 2015-12-28 18:35 UTC
To: gentoo-dev
On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand <k_f@gentoo.org> wrote:
>> On 28 Dec 2015, at 15:58, James Le Cuirot <chewi@gentoo.org> wrote:
>>
>> On Mon, 28 Dec 2015 09:42:40 -0500
>> Rich Freeman <rich0@gentoo.org> wrote:
>
>>> And this would be why I don't bother to sign my emails any longer.
>>> The FOSS world is still stuck in the days when people ran X11-based
>>> MUAs and stored their mail in conventional folders. I've yet to see a
>>> decent browser-based MUA or Android client which does signing.
>>> Squirrelmail does, but it is really lacking compared to something like
>>> Gmail.
>>
>> I haven't tried the feature myself but K9 Mail, which is highly
>> regarded, does it via APG on Android.
>
> iirc k9 doesn't support PGP/MIME (RFC3156), but some interesting things happening with OpenKeychain
> (https://www.openkeychain.org/k-9/ ) in that regard. We actually discussed it a bit during last OpenPGP summit in Zurich.
>
K9 also doesn't support email tagging as far as I'm aware, and I don't
believe there is a browser version of it either (I do require an MUA
accessible by a browser, as this is how I compose 99% of my emails - I
read this email on androids, and am replying from a browser right
now). To some extent they can be forgiven for not supporting tagging,
as I don't believe IMAP supports it either, so we need standards as
well as FOSS clients to make it work.
But, it isn't like I'm paying anybody to solve the problem, so we all
make do, either living without features or without signatures as the
case may be.
> The main issue is key storage, though. For signatures you can use a dedicated
> signing subkey, however you get into problems with encrypted emails as mobile devices
> are not really secure devices and should never have cryptographic material. What could
> work in this case is an NFC (or for that matter Bluetooth, although it needs to be properly
> paired etc etc) channel with a separate device with a separate keychain and display so
> you can verify the request, and never actually expose private key material to the cellphone.
That concern is hardly unique to phones. PCs suffer just as much from
this problem. The solution could potentially be the same. For
signing it is a straightforward problem since there is nothing to be
kept secret except the key material itself (just send the message to
the signing device, and return the signature back). For encryption
you have additional challenges if you want to be able to make any use
of the plaintext without it getting stolen - once decrypted it is only
as secure as any device that comes in contact with it. And there is no
reason that mobile and browser frameworks couldn't talk to such
devices with the right standards.
If it were up to me the government would hand out signing devices just
as they hand out passports. It seems kind of silly in this day and
age that we haven't solved the key-management problem and half of our
commerce involves giving 16-digit numbers to everybody we do business
with and asking them to keep them secret for us.
--
Rich

* Re: [gentoo-dev] [RFC] New project: Crypto
From: Kristian Fiskerstrand @ 2015-12-29 13:58 UTC
To: gentoo-dev
On 12/28/2015 07:35 PM, Rich Freeman wrote:
> On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand
> <k_f@gentoo.org> wrote:
>>> On 28 Dec 2015, at 15:58, James Le Cuirot <chewi@gentoo.org>
>>> wrote:
>>>
> That concern is hardly unique to phones. PCs suffer just as much
> from this problem. The solution could potentially be the same.
> For
But here we already have smartcards (that everyone should and _is_
using... right?)
> signing it is a straightforward problem since there is nothing to
> be kept secret except the key material itself (just send the
> message to the signing device, and return the signature back). For
> encryption
for clarity (and what I think you already mean), the message in this
case is the message to be signed (which is likely a blinded hash or
something, so much shorter than the original data)
> you have additional challenges if you want to be able to make any
> use of the plaintext without it getting stolen - once decrypted it
> is only as secure as any device that comes in contact with it. And
> there is no
Indeed, but at least the device won't be able to decrypt further
communication as it'd only have access to the session key of the
particular message. Losing control of the private (sub)key is
substantially worse, so that might actually be ok for the security
parameters of the users.
> reason that mobile and browser frameworks couldn't talk to such
> devices with the right standards.
>
> If it were up to me the government would hand out signing devices
> just as they hand out passports.
This already happens in several countries, including Germany and on a
semi-related variant Norway (it's government approved to sign
electronically using BankID, where the banks do the verification).
In Germany there is even a CA that checks the government ID and
certifies OpenPGP keys based on it.
- --
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

* Re: [gentoo-dev] [RFC] New project: Crypto
From: Rich Freeman @ 2015-12-29 14:27 UTC
To: gentoo-dev
On Tue, Dec 29, 2015 at 8:58 AM, Kristian Fiskerstrand <k_f@gentoo.org> wrote:
>
> On 12/28/2015 07:35 PM, Rich Freeman wrote:
>> On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand
>> <k_f@gentoo.org> wrote:
>>>> On 28 Dec 2015, at 15:58, James Le Cuirot <chewi@gentoo.org>
>>>> wrote:
>>>>
>
>
>> That concern is hardly unique to phones. PCs suffer just as much
>> from this problem. The solution could potentially be the same.
>> For
>
> But here we already have smartcards (that everyone should and _is_
> using... right?)
I imagine that smartcards have about as much support on mobile as they
do on PCs, which is to say not much.
Sure, you can make it work, but software support for signing stuff is
limited in general, let alone support for doing it with smartcards.
>
>> signing it is a straightforward problem since there is nothing to
>> be kept secret except the key material itself (just send the
>> message to the signing device, and return the signature back). For
>> encryption
>
> for clarity (and what I think you already mean), the message in this
> case is the message to be signed (which is likely a blinded hash or
> something, so much shorter than the original data)
If you don't display the plaintext on the device doing the signing,
then you're vulnerable to a MITM unless you trust your PC, but if you
trusted your PC you wouldn't need the signing device.
The only thing a smartcard does is protect the private key itself.
It doesn't protect you from manipulation of the data to be signed, or
theft of plaintext, etc.
>
> Indeed, but at least the device won't be able to decrypt further
> communication as it'd only have access to the session key of the
> particular message. Losing control of the private (sub)key is
> substantially worse, so that might actually be ok for the security
> parameters of the users.
I agree, there are degrees of failure.
>
> This already happens in several countries, including Germany and on a
> semi-related variant Norway (it's government approved to sign
> electronically using BankID, where the banks do the verification).
> In Germany there is even a CA that checks the government ID and
> certifies OpenPGP keys based on it.
>
That is at least a step up. Should we require or at least recommend
government-signed keys for Gentoo in the few jurisdictions that
provide them? I guess the main concern would be if we wanted to allow
anonymity.
So many problems would be solved if a signature using a secure device
was required for every financial transaction. Just stick the PIN pad
on the signing device with a small display. The device is given a
message to sign including the date, amount to be authorized, and who
is getting paid. The device displays this info on its screen and
prompts for a PIN. For the problem of payment authorization that
would eliminate almost all forms of fraud that don't involve holding
somebody at gunpoint (and you could have a duress PIN and an encrypted
field in the authorization large enough to hold either a padded all
clear or an under-duress message with the timestamp and GPS
coordinates that only the bank could read).
In the US everybody seems to be afraid of big brother but big brother
has enough big data that he doesn't really need you to use his fancy
signing device anyway.
--
Rich
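
The point made in the message above (a signer that never shows the plaintext can be handed something other than what the user approved, while a device with its own display and PIN prompt lets the user check it) is sketched here as an added example that is not part of the thread. The transaction fields, PIN and key are constructed, and HMAC-SHA256 is an assumed stand-in for the device's public-key signature.

```python
import hashlib, hmac, json

DEVICE_KEY = b"constructed-demo-key"  # stand-in for the key that never leaves the device
PIN = "4821"                           # constructed sample PIN

def canonical(tx):
    """Deterministic byte encoding of the transaction to be signed."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()

def _sign(digest):
    # Assumption: HMAC-SHA256 stands in for the device's public-key signature.
    return hmac.new(DEVICE_KEY, digest, hashlib.sha256).hexdigest()

def verify(message, sig):
    """What the relying party (e.g. the bank) checks."""
    return hmac.compare_digest(sig, _sign(hashlib.sha256(message).digest()))

def render(tx):
    return f"{tx['date']}  pay {tx['amount']} to {tx['payee']}"

def blind_device_sign(digest, pin):
    """Signer without a display: it sees only a hash, not what the hash covers."""
    if not hmac.compare_digest(pin, PIN):
        raise PermissionError("bad PIN")
    return _sign(digest)

def display_device_sign(message, pin, user_confirms):
    """Signer with its own display: shows fields parsed from the bytes it signs."""
    shown = render(json.loads(message))
    if not user_confirms(shown):
        raise PermissionError("rejected on device: " + shown)
    if not hmac.compare_digest(pin, PIN):
        raise PermissionError("bad PIN")
    return _sign(hashlib.sha256(message).digest())

def demo():
    intended = {"date": "2015-12-29", "amount": "25.00 USD", "payee": "bookshop"}
    # Untrusted host: keeps showing `intended` on its own screen, forwards this instead.
    forwarded = canonical(dict(intended, payee="someone-else"))
    approve = lambda shown: shown == render(intended)  # user checks the device screen
    blind_sig = blind_device_sign(hashlib.sha256(forwarded).digest(), PIN)
    try:
        display_device_sign(forwarded, PIN, approve)
        display_signed_altered = True
    except PermissionError:
        display_signed_altered = False
    good_sig = display_device_sign(canonical(intended), PIN, approve)
    return {"blind_signed_altered": verify(forwarded, blind_sig),
            "display_signed_altered": display_signed_altered,
            "display_signed_intended": verify(canonical(intended), good_sig)}
```
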

* [gentoo-dev] Re: [RFC] New project: Crypto
From: Duncan @ 2015-12-29 16:59 UTC
To: gentoo-dev
Rich Freeman posted on Tue, 29 Dec 2015 09:27:59 -0500 as excerpted:
> In the US everybody seems to be afraid of big brother but big brother
> has enough big data that he doesn't really need you to use his fancy
> signing device anyway.
It isn't just big brother, tho that's bad enough. Such a government
mandated device for signing all financial transactions is a political no-
go here in the US due to "mark of the beast" concerns. After all, the
prophecy did say people couldn't buy or sell without it, and even a lot
of people who are no longer generally religious are still wary of that.
That's one of the reasons the post-9/11 federally mandated ID reforms had
so much resistance, and those aren't required to buy or sell. If someone
tried to mandate something like that for financial transactions it could
very easily spark a revolution here, and I'm not kidding.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

* Re: [gentoo-dev] [RFC] New project: Crypto
From: Yury German @ 2015-12-29 15:02 UTC
To: gentoo-dev
I have talked to the YubiKey people at a few shows (BlackHat), and they
told me that they are looking at Bluetooth key store. To work with iPad
and Android.
That would be great, but the problem is programs that can use that.
On 12/28/15 10:07 AM, Kristian Fiskerstrand wrote:
>
>
> [Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or unexpected send a response and request a signed confirmation]
>
>> On 28 Dec 2015, at 15:58, James Le Cuirot <chewi@gentoo.org> wrote:
>>
>> On Mon, 28 Dec 2015 09:42:40 -0500
>> Rich Freeman <rich0@gentoo.org> wrote:
>>>
>
> ..
>
>>> And this would be why I don't bother to sign my emails any longer.
>>> The FOSS world is still stuck in the days when people ran X11-based
>>> MUAs and stored their mail in conventional folders. I've yet to see a
>>> decent browser-based MUA or Android client which does signing.
>>> Squirrelmail does, but it is really lacking compared to something like
>>> Gmail.
>>
>> I haven't tried the feature myself but K9 Mail, which is highly
>> regarded, does it via APG on Android.
>
>
> iirc k9 doesn't support PGP/MIME (RFC3156), but some interesting things happening with OpenKeychain (https://www.openkeychain.org/k-9/ ) in that regard. We actually discussed it a bit during last OpenPGP summit in Zurich.
>
> The main issue is key storage, though. For signatures you can use a dedicated signing subkey, however you get into problems with encrypted emails as mobile devices are not really secure devices and should never have cryptographic material. What could work in this case is an NFC (or for that matter Bluetooth, although it needs to be properly paired etc etc) channel with a separate device with a separate keychain and display so you can verify the request, and never actually expose private key material to the cellphone.
>
> In the meantime I just include the notice whenever I don't sign, at least some people notice it and give it another thought.
>