From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 29AE31384B4
	for ; Tue, 29 Dec 2015 14:28:09 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C7BC521C03A;
	Tue, 29 Dec 2015 14:28:00 +0000 (UTC)
Received: from mail-ig0-f180.google.com (mail-ig0-f180.google.com [209.85.213.180])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E42C521C006
	for ; Tue, 29 Dec 2015 14:27:59 +0000 (UTC)
Received: by mail-ig0-f180.google.com with SMTP id to4so162729918igc.0
	for ; Tue, 29 Dec 2015 06:27:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:date:message-id:subject
	 :from:to:content-type;
	bh=8s2Rsev705T+br6dA60kmeyD++W7BP2ZW09iT17ZAp0=;
	b=pFpoZOgDDR7DEz062Z3QQfxmLJgSBWVLjrCBaJlRD94Jg9pX9KnjiMkkkEzsm/pX4f
	 zY1RfaAKzw+2FZRki8kzMqhYZlMtFN7ibJy1IFejGBKAl4IxBLzuKCz1IOWnZhvHUq3/
	 fj/63rmD+LszYm6KmN0KCboH8TdoPVGbrrdVhtU2yJOT4tL3NjjwevvGb06gYZLyoB6F
	 jX28kyslMyQxroQIfU5cwQ1iw9ufy2fTMXcrv0mVHo73urDT+duvT0a+QDUdJ7Hz9HFE
	 QtEmtrVyjN3kK5rfDooxcfkuTOkB0FLLcaQdujyXsLnMr7odhe6ivkQ2e2y2qSkkWqxA
	 7EQg==
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
X-Received: by 10.50.64.146 with SMTP id o18mr54224956igs.51.1451399279168;
	Tue, 29 Dec 2015 06:27:59 -0800 (PST)
Sender: freemanrich@gmail.com
Received: by 10.64.225.228 with HTTP; Tue, 29 Dec 2015 06:27:59 -0800 (PST)
In-Reply-To: <5682918A.5070003@gentoo.org>
References: <5655EBF0.9000804@gentoo.org> <56560A11.8030700@gentoo.org>
	<56561851.2020900@gentoo.org> <20151228014934.e94250f4670cde139dbc7867@gentoo.org>
	<21A8380F-6010-4CDD-8DEF-02FA11217D21@gentoo.org> <20151228145813.40343a43@symphony.aura-online.co.uk>
	<9AB9A178-B4A1-4493-A3A4-0B3A855E603F@gentoo.org> <5682918A.5070003@gentoo.org>
Date: Tue, 29 Dec 2015 09:27:59 -0500
X-Google-Sender-Auth: h-Pz7GqycooDpSTOHUwwqhnAZKw
Message-ID:
Subject: Re: [gentoo-dev] [RFC] New project: Crypto
From: Rich Freeman
To: gentoo-dev
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: 68b8dc65-5bc6-4450-862c-7e2f8c7a85dc
X-Archives-Hash: 057a25d82c550da6878219d67b21c119

On Tue, Dec 29, 2015 at 8:58 AM, Kristian Fiskerstrand wrote:
>
> On 12/28/2015 07:35 PM, Rich Freeman wrote:
>> On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand
>> wrote:
>>>> On 28 Dec 2015, at 15:58, James Le Cuirot
>>>> wrote:
>>>>
>
>
>> That concern is hardly unique to phones. PCs suffer just as much
>> from this problem. The solution could potentially be the same.
>> For
>
> But here we already have smartcards (that everyone should and _is_
> using... right?)

I imagine that smartcards have about as much support on mobile as
they do on PCs, which is to say not much. Sure, you can make it work,
but software support for signing stuff is limited in general, let
alone support for doing it with smartcards.

>
>> signing it is a straightforward problem since there is nothing to
>> be kept secret except the key material itself (just send the
>> message to the signing device, and return the signature back). For
>> encryption
>
> for clarity (and what I think you already mean), the message in this
> case is the message to be signed (which is likely a blinded hash or
> something, so much shorter than the original data)

If you don't display the plaintext on the device doing the signing,
then you're vulnerable to a MITM unless you trust your PC, but if you
trusted your PC you wouldn't need the signing device. The only thing
a smartcard does is protect the private key itself. It doesn't protect
you from manipulation of the data to be signed, or theft of plaintext,
etc.

>
> Indeed, but at least the device won't be able to decrypt further
> communication as it'd only have access to the session key of the
> particular message. Losing control of the private (sub)key is
> substantially worse, so that might actually be ok for the security
> parameters of the users.

I agree, there are degrees of failure.

>
> This already happens in several countries, including Germany and on a
> semi-related variant Norway (its government approved to sign
> electronically using BankID, where the banks do the verification).
> In Germany there is even a CA that checks the government ID and
> certifies OpenPGP keys based on it.
>

That is at least a step up. Should we require or at least recommend
government-signed keys for Gentoo in the few jurisdictions that
provide them? I guess the main concern would be if we wanted to allow
anonymity.

So many problems would be solved if a signature using a secure device
was required for every financial transaction. Just stick the PIN pad
on the signing device with a small display. The device is given a
message to sign including the date, amount to be authorized, and who
is getting paid. The device displays this info on its screen and
prompts for a PIN. For the problem of payment authorization that
would eliminate almost all forms of fraud that don't involve holding
somebody at gunpoint (and you could have a duress PIN and an encrypted
field in the authorization large enough to hold either a padded all
clear or an under-duress message with the timestamp and GPS
coordinates that only the bank could read).

In the US everybody seems to be afraid of big brother but big brother
has enough big data that he doesn't really need you to use his fancy
signing device anyway.

--
Rich
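The signing-device flow sketched in the message above (the device shows date, amount and payee on its own screen, asks for a PIN on its own keypad, and signs exactly the bytes it displayed, so a compromised PC can neither swap the payee before signing without the user seeing it nor edit the message afterwards without breaking the signature), as an added example. This is not code from the thread or from any Gentoo project. It assumes Ed25519 for the signature and a `key=value|key=value` canonical encoding; the names `Authorization`, `Device`, `Signed`, `BankVerify` and `CarefulUser` and the sample transaction are invented for the example. The duress PIN and the encrypted status field mentioned in the message are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"strings"
)

// Authorization is what the user is asked to approve; every field is shown on
// the device's own screen before anything is signed (values are constructed samples).
type Authorization struct{ Date, Amount, Payee string }

// Canonical is the exact string that is displayed, signed and later parsed;
// separators are refused inside fields so one field cannot smuggle in another.
func (a Authorization) Canonical() (string, error) {
	if strings.ContainsAny(a.Date+a.Amount+a.Payee, "|=") {
		return "", fmt.Errorf("field contains a separator")
	}
	return "date=" + a.Date + "|amount=" + a.Amount + "|payee=" + a.Payee, nil
}

// Device models the signing device: a private key that never leaves it, a PIN,
// and its own screen and keypad. Screen shows text to the user and returns the
// PIN typed on the device in response ("" means the user refused).
type Device struct {
	priv   ed25519.PrivateKey
	pin    string
	Screen func(shown string) string
}

func NewDevice(pin string, screen func(string) string) (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv, pin: pin, Screen: screen}, pub
}

// Signed is what the device hands back to the PC, which only relays it to the bank.
type Signed struct{ Message, Signature []byte }

// Authorize shows the authorization on the device screen and signs exactly the
// displayed bytes once the correct PIN is typed on the device keypad. A wrong
// PIN, or none because the user disliked what was shown, yields no signature.
func (d *Device) Authorize(a Authorization) (*Signed, error) {
	canon, err := a.Canonical()
	if err != nil {
		return nil, err
	}
	pin := d.Screen(canon)
	if subtle.ConstantTimeCompare([]byte(pin), []byte(d.pin)) != 1 {
		return nil, fmt.Errorf("PIN rejected or withheld")
	}
	msg := []byte(canon)
	return &Signed{Message: msg, Signature: ed25519.Sign(d.priv, msg)}, nil
}

// BankVerify accepts only messages signed by the device, so a PC that edits the
// payee after signing fails here; it then parses the signed fields back out.
func BankVerify(pub ed25519.PublicKey, s *Signed) (Authorization, error) {
	if s == nil || !ed25519.Verify(pub, s.Message, s.Signature) {
		return Authorization{}, fmt.Errorf("signature invalid: message is not what the device signed")
	}
	fields := map[string]string{}
	for _, f := range strings.Split(string(s.Message), "|") {
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			return Authorization{}, fmt.Errorf("malformed field %q", f)
		}
		fields[kv[0]] = kv[1]
	}
	return Authorization{fields["date"], fields["amount"], fields["payee"]}, nil
}

// CarefulUser returns a Screen handler that types the PIN only when the device
// shows exactly the payment the user meant to make.
func CarefulUser(intended Authorization, pin string) func(string) string {
	want, _ := intended.Canonical()
	return func(shown string) string {
		if shown != want {
			return "" // the PC sent the device something else: refuse
		}
		return pin
	}
}

func main() {
	intended := Authorization{"2015-12-29", "EUR 120.00", "ACME Hosting"}
	dev, pub := NewDevice("1234", CarefulUser(intended, "1234"))
	s, err := dev.Authorize(intended) // honest PC: screen matches, user types PIN
	_, verr := BankVerify(pub, s)
	fmt.Println("honest:", err, verr)
	// Compromised PC swaps the payee before the device sees it: the swap shows on
	// the device screen, the user withholds the PIN and nothing gets signed.
	_, err = dev.Authorize(Authorization{intended.Date, intended.Amount, "mule account"})
	fmt.Println("swap before signing:", err)
	// Compromised PC edits the message after signing: the signature no longer matches.
	forged := &Signed{[]byte(strings.Replace(string(s.Message), "ACME Hosting", "mule account", 1)), s.Signature}
	_, err = BankVerify(pub, forged)
	fmt.Println("swap after signing:", err)
}
```

Two details carry the security argument. The device signs the same string it displays, not a hash the PC hands it, so "what you see is what you sign" holds only as long as the user actually compares the device screen with the intended payment; `CarefulUser` is that comparison. And `Canonical` refuses the separator characters inside fields, otherwise a payee such as `x|amount=EUR 9000.00` would parse at the bank as a different amount than the one the user read on the screen.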