Re: [cryptography] someone should make openssh keys expire

2013-04-09 Thread Ralph Holz
Hi,

On 04/09/2013 04:05 AM, Tom Ritter wrote:
> Somebody did ;)  http://www.sshark.org/

Could I shamelessly self-advertise our notary service for SSH host keys?

ralph@firenze:~$ dig -t TXT 131.159.15.12.cbssh.net.in.tum.de

;; ANSWER SECTION:
131.159.15.12.cbssh.net.in.tum.de. 21600 IN TXT "{ip: 131.159.15.12,
[{fp: 0f:59:a5:bf:28:7f:31:a3:cc:4a:7f:10:24:f8:b1:93, first-seen:
2012-11-18 01:36:19, last-seen: 2012-11-18 01:36:19, count: 1, type:
ssh-rsa, ver: ssh2},{fp:
56:de:fb:d4:c9:99:5d:e0:36:f4:2e:fb:4d:15:68:7d, first-seen: 2012-11-18
01" ":36:35, last-seen: 2012-11-18 01:36:35, count: 1, type: ssh-dss,
ver: ssh2}]}

We have several hundred thousand IP <--> hostkey mappings there.

Here's the talk:
http://www.youtube.com/watch?v=29h21n-tyfE&t=46m26s

Admittedly, this is just a low-powered notary that we run for the fun of
it, but we're going to release code etc. for others to use.

Ralph


___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
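
The TXT answer in Ralph Holz's message above is not JSON and arrives as two quoted strings, so a client has to join and parse it before comparing fingerprints. The following is an added example, not the notary's code and not part of the original thread; the field layout is inferred from the single record shown, and `check_host_key` and its verdict strings are hypothetical names.

```python
import re

NOTARY_ZONE = "cbssh.net.in.tum.de"  # zone used in the dig query in the message

# The TXT answer from the message with the e-mail line wraps undone. dig shows
# two quoted chunks because one TXT character-string holds at most 255 bytes.
# The final closing quote is assumed; it is missing from the pasted output.
SAMPLE = ('"{ip: 131.159.15.12, [{fp: 0f:59:a5:bf:28:7f:31:a3:cc:4a:7f:10:24:f8:b1:93, '
          'first-seen: 2012-11-18 01:36:19, last-seen: 2012-11-18 01:36:19, count: 1, '
          'type: ssh-rsa, ver: ssh2},{fp: 56:de:fb:d4:c9:99:5d:e0:36:f4:2e:fb:4d:15:68:7d, '
          'first-seen: 2012-11-18 01" ":36:35, last-seen: 2012-11-18 01:36:35, count: 1, '
          'type: ssh-dss, ver: ssh2}]}"')

ENTRY = re.compile(
    r"\{fp: (?P<fp>[0-9a-f]{2}(?::[0-9a-f]{2}){15}), first-seen: (?P<first_seen>[^,]+), "
    r"last-seen: (?P<last_seen>[^,]+), count: (?P<count>\d+), "
    r"type: (?P<type>[\w-]+), ver: (?P<ver>\w+)\}")

def query_name(ip):
    """Name to query: the address in normal (not reversed) order, then the zone."""
    return f"{ip}.{NOTARY_ZONE}"

def join_txt(rdata):
    """Concatenate the quoted chunks of a dig TXT answer with nothing in between."""
    return "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata))

def parse_record(rdata):
    """Return (ip, [entry dicts]); the payload is not JSON, so it is matched by regex."""
    text = join_txt(rdata)
    head = re.match(r"\{ip: ([0-9.]+),", text)
    entries = [m.groupdict() for m in ENTRY.finditer(text)]
    if not head or not entries:
        raise ValueError("unrecognised notary record")
    return head.group(1), entries

def check_host_key(rdata, ip, key_type, local_fp):
    """Compare the fingerprint this client saw with what the notary recorded."""
    rec_ip, entries = parse_record(rdata)
    if rec_ip != ip:
        return "wrong-record"
    seen = [e["fp"] for e in entries if e["type"] == key_type]
    if not seen:
        return "unknown-type"      # notary has no key of this type for the host
    return "match" if local_fp.lower() in seen else "mismatch"

if __name__ == "__main__":
    rsa_fp = "0f:59:a5:bf:28:7f:31:a3:cc:4a:7f:10:24:f8:b1:93"
    print(query_name("131.159.15.12"), check_host_key(SAMPLE, "131.159.15.12", "ssh-rsa", rsa_fp))
```

The fingerprints are colon-separated MD5 hex, which current OpenSSH prints with `ssh-keygen -l -E md5`. A plain DNS answer is unauthenticated, so the comparison is only as trustworthy as the resolver path unless the response is DNSSEC-validated.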


Re: [cryptography] someone should make openssh keys expire

2013-04-09 Thread ianG

On 9/04/13 03:48 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
> Just saying...
>
> They have signatures now, but there's no way to effectively audit them or
> expire them.



The question is, why?  If you can answer that effectively, then you 
might be right.


Let me put these stumbling blocks in your way.

Firstly, signatures, if they are to last over time, have to protect 
or mean something.  In an ephemeral protocol, they protect a secret 
until it is thrown away, seconds or hours, no more explanation needed. 
In the other extreme, a long term digital signing protocol, they protect 
a really big public statement over years.  So, your idea might have 
merit.  But even there, a successful signing protocol always leans on 
immediate escrow of the signature and keys.  Aka timestamping.  No 
expiry needed, then, but there is a lot of load put on revocation.


Let's look more closely at the application:  SSH does ephemeral key 
protection, not anything more serious.  It is used by sysadms on their 
own machines, generally.  It's their value at risk, and they are in 
control.  They can audit keys by looking at them, both ends, and the 
entire cycle is under their control.  They can expire them by generating 
new keys, and afaik, most sysadms do roll over their keys from time to 
time.  It's really easy, one command to create.  No money, no time 
required, except the scripting to promulgate.


If you look at say where they do use audit & expiry, the CA business, 
you'll find other circumstances:  The users' value is entirely at risk, 
they are liable for everything, for which privilege they pay a fee.  Yet 
the CAs are entirely in control, with no value at risk, for which they 
charge a fee.  The jurisdictions are multiple:  users, vendors, CAs, 
server vendors, server users, and committees, all with particular 
interests.  Money and time are significant.  Even the signatures mean 
different things:  code-signing != SSL signing != client-login != 
client-signing.


One thing should be clear:  just because the CA business does X, doesn't 
mean that anyone else should.




iang


Re: [cryptography] someone should make openssh keys expire

2013-04-08 Thread Tom Ritter
Somebody did ;)  http://www.sshark.org/

-tom