Re: [kde-community] KDE Sysadmin and GPG Encryption
On 7/27/2016 6:01 AM, Thomas Pfeiffer wrote: On 27.07.2016 00:17, Jeff Mitchell wrote: I would avoid reading much, if anything at all, into what Boudhayan wrote, both from the perspective of the sysadmin team and even Boudhayan himself. --Jeff I don't see any "reading into" in any of the replies so far. People have just reacted to things that Boudhayan wrote very explicitly in his email. Pretty bad things could be "read into" that email easily, if one wanted to. I'm glad nobody did that, we've had enough drama on this list in recent months. I don't see why we should avoid reacting to what was explicitly said, though, and that's what people did. The email wasn't GPG-signed, so you can't trust or believe anything that was in it. --Jeff ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community
Re: [kde-community] KDE Sysadmin and GPG Encryption
Hi Harald, On 27 July 2016 at 15:36, Harald Sitterwrote: > +1 > > If it helps the cause I'll fly around the world on my own dime and > web-up everyone in the sysadmin team who otherwise doesn't go to KDE > meetups so you have at least one link that connects you to the rest of > the world. I haven't had a proper vacation in years anyway ;) I'm going to take you up on that. Would you like to see the Taj Mahal? :P -- Boudhayan > > On Tue, Jul 26, 2016 at 11:46 PM, Ingo Klöcker wrote: >> On Tuesday 26 July 2016 16:01:15 Luigi Toscano wrote: >>> On Tuesday, 26 July 2016 19:25:25 CEST Boudhayan Gupta wrote: >>> > 2) GPG doesn't simply encrypt the email, but also digitally signs >>> > it. >>> > Signatures are required to prove the authenticity of the email, and >>> > to detect if it was tampered with. However, given our email >>> > infrastructure, a GPG signature is meaningless. Anyone can create a >>> > GPG key, encrypt the email and send it out. To trust the public key, >>> > it would have to be either (a) distributed in a trustable way, which >>> > brings us to the same sitation as the SSH host key, (b) signed by >>> > another trusted entity (a person), after a face-to-face meeting, or >>> > (c) signed by members of a web of trust (which recursively requires >>> > one of (a) and (b)). Given we live in such physically diverse >>> > location (in fact, Ben lives in New Zealand; meeting enough KDE >>> > contributors face to face willing to sign his key is prohibitvely >>> > time, effort and finance consuming). If you can't establish trust >>> > of a GPG public key, the signature is meaningless. >>> >>> I strongly disagree with this. While it is complicated in Ben's case, >>> we had GPG signing party at the past Akademy and we can rebuild the >>> web of trust. Debian works like this. We can have one at the QtCon >>> (with also people from other communities including FSFE). So >>> *signing* the announcement emails should not be discouraged like it >>> is in this email. >> >> I very much agree with Luigi. IMHO, OpenPGP signatures are the most >> trustworthy kind of proof of authenticity (provided the key fingerprint >> has been verified in a way that's as secure as a face-to-face meeting >> and that the key's owner takes good care of her key). >> >> >> I disagree that it's difficult for the admin team to verify and then >> sign Ben key. For example, I think that this could be done via a voice >> chat provided the admin team regularly does voice chats and therefore >> recognizes Ben's voice. I don't care whether Ben's really called Ben and >> lives in New Zealand. All that I care for is that the admin known to us >> as Ben has sent the announcement with the new server fingerprint. And >> this I could have asserted easily, if the admin team would have cross- >> signed their OpenPGP keys and I would have verified the OpenPGP keys of >> one, or better two, admin in a keysigning meeting, e.g. at Akademy. >> >> >> I agree that encrypting the public information about the server >> fingerprint would not have made any sense, but I guess that the people >> who complained actually wanted the message to be signed rather than be >> encrypted. OTOH, claiming that "GPG encryption is fundamentally broken" >> is unacceptable. GPG encryption is anything but broken (if it's used in >> the right way, i.e. to encrypt information exchanged between parties who >> have verified their OpenPGP key). >> >> >> Regards, >> Ingo >> >> ___ >> kde-community mailing list >> kde-community@kde.org >> https://mail.kde.org/mailman/listinfo/kde-community > ___ > kde-community mailing list > kde-community@kde.org > https://mail.kde.org/mailman/listinfo/kde-community ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community
Re: [kde-community] KDE Sysadmin and GPG Encryption
On 27.07.2016 00:17, Jeff Mitchell wrote: I would avoid reading much, if anything at all, into what Boudhayan wrote, both from the perspective of the sysadmin team and even Boudhayan himself. --Jeff I don't see any "reading into" in any of the replies so far. People have just reacted to things that Boudhayan wrote very explicitly in his email. Pretty bad things could be "read into" that email easily, if one wanted to. I'm glad nobody did that, we've had enough drama on this list in recent months. I don't see why we should avoid reacting to what was explicitly said, though, and that's what people did. ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community
Re: [kde-community] KDE Sysadmin and GPG Encryption
Hey, > I strongly disagree with this. While it is complicated in Ben's case, we had > GPG signing party at the past Akademy and we can rebuild the web of trust. > Debian works like this. We can have one at the QtCon (with also people from > other communities including FSFE). So *signing* the announcement emails > should not be discouraged like it is in this email. +1 For me DKIM is another layer of security. GPG encryption doesn't help anything is order of verifiing it, that is correct. But I think all others mean GPG signatures. GPG Signatures are created at the sending computer, so with a GPG signed mail I can be sure, that the mail was not touched my anyone. DKIM starts with the first mailserver that supports DKIM. Nobody guarantees, that the senders mailserver is trustworthy. @Boudhayan: Only with this this longer explainations I can understand, that the mail shouldn't be tampered in between. But keep in mind that every mailserver and send a mail with a fake sender mailadress and have valid DKIM. So you would also need to verify SPF/SRS... In the end GPG signatures would help, because they can also been used as TOFU (trust on first use). I trust the gpg keys I get first for a mailadress, together with the informations, that I know, that you used your key multiple times for sending and never complains, that the key is wrong gives also a strong security. With a key signing party we can raise the security level additionally. regards, sandro signature.asc Description: This is a digitally signed message part. ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community
Re: [kde-community] KDE Sysadmin and GPG Encryption
I would avoid reading much, if anything at all, into what Boudhayan wrote, both from the perspective of the sysadmin team and even Boudhayan himself. --Jeff On 7/26/2016 5:46 PM, Ingo Klöcker wrote: On Tuesday 26 July 2016 16:01:15 Luigi Toscano wrote: On Tuesday, 26 July 2016 19:25:25 CEST Boudhayan Gupta wrote: 2) GPG doesn't simply encrypt the email, but also digitally signs it. Signatures are required to prove the authenticity of the email, and to detect if it was tampered with. However, given our email infrastructure, a GPG signature is meaningless. Anyone can create a GPG key, encrypt the email and send it out. To trust the public key, it would have to be either (a) distributed in a trustable way, which brings us to the same sitation as the SSH host key, (b) signed by another trusted entity (a person), after a face-to-face meeting, or (c) signed by members of a web of trust (which recursively requires one of (a) and (b)). Given we live in such physically diverse location (in fact, Ben lives in New Zealand; meeting enough KDE contributors face to face willing to sign his key is prohibitvely time, effort and finance consuming). If you can't establish trust of a GPG public key, the signature is meaningless. I strongly disagree with this. While it is complicated in Ben's case, we had GPG signing party at the past Akademy and we can rebuild the web of trust. Debian works like this. We can have one at the QtCon (with also people from other communities including FSFE). So *signing* the announcement emails should not be discouraged like it is in this email. I very much agree with Luigi. IMHO, OpenPGP signatures are the most trustworthy kind of proof of authenticity (provided the key fingerprint has been verified in a way that's as secure as a face-to-face meeting and that the key's owner takes good care of her key). I disagree that it's difficult for the admin team to verify and then sign Ben key. For example, I think that this could be done via a voice chat provided the admin team regularly does voice chats and therefore recognizes Ben's voice. I don't care whether Ben's really called Ben and lives in New Zealand. All that I care for is that the admin known to us as Ben has sent the announcement with the new server fingerprint. And this I could have asserted easily, if the admin team would have cross- signed their OpenPGP keys and I would have verified the OpenPGP keys of one, or better two, admin in a keysigning meeting, e.g. at Akademy. I agree that encrypting the public information about the server fingerprint would not have made any sense, but I guess that the people who complained actually wanted the message to be signed rather than be encrypted. OTOH, claiming that "GPG encryption is fundamentally broken" is unacceptable. GPG encryption is anything but broken (if it's used in the right way, i.e. to encrypt information exchanged between parties who have verified their OpenPGP key). Regards, Ingo ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community
Re: [kde-community] KDE Sysadmin and GPG Encryption
On Tuesday 26 July 2016 16:01:15 Luigi Toscano wrote: > On Tuesday, 26 July 2016 19:25:25 CEST Boudhayan Gupta wrote: > > 2) GPG doesn't simply encrypt the email, but also digitally signs > > it. > > Signatures are required to prove the authenticity of the email, and > > to detect if it was tampered with. However, given our email > > infrastructure, a GPG signature is meaningless. Anyone can create a > > GPG key, encrypt the email and send it out. To trust the public key, > > it would have to be either (a) distributed in a trustable way, which > > brings us to the same sitation as the SSH host key, (b) signed by > > another trusted entity (a person), after a face-to-face meeting, or > > (c) signed by members of a web of trust (which recursively requires > > one of (a) and (b)). Given we live in such physically diverse > > location (in fact, Ben lives in New Zealand; meeting enough KDE > > contributors face to face willing to sign his key is prohibitvely > > time, effort and finance consuming). If you can't establish trust > > of a GPG public key, the signature is meaningless. > > I strongly disagree with this. While it is complicated in Ben's case, > we had GPG signing party at the past Akademy and we can rebuild the > web of trust. Debian works like this. We can have one at the QtCon > (with also people from other communities including FSFE). So > *signing* the announcement emails should not be discouraged like it > is in this email. I very much agree with Luigi. IMHO, OpenPGP signatures are the most trustworthy kind of proof of authenticity (provided the key fingerprint has been verified in a way that's as secure as a face-to-face meeting and that the key's owner takes good care of her key). I disagree that it's difficult for the admin team to verify and then sign Ben key. For example, I think that this could be done via a voice chat provided the admin team regularly does voice chats and therefore recognizes Ben's voice. I don't care whether Ben's really called Ben and lives in New Zealand. All that I care for is that the admin known to us as Ben has sent the announcement with the new server fingerprint. And this I could have asserted easily, if the admin team would have cross- signed their OpenPGP keys and I would have verified the OpenPGP keys of one, or better two, admin in a keysigning meeting, e.g. at Akademy. I agree that encrypting the public information about the server fingerprint would not have made any sense, but I guess that the people who complained actually wanted the message to be signed rather than be encrypted. OTOH, claiming that "GPG encryption is fundamentally broken" is unacceptable. GPG encryption is anything but broken (if it's used in the right way, i.e. to encrypt information exchanged between parties who have verified their OpenPGP key). Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community
Re: [kde-community] KDE Sysadmin and GPG Encryption
On Tuesday, 26 July 2016 19:25:25 CEST Boudhayan Gupta wrote: > 2) GPG doesn't simply encrypt the email, but also digitally signs it. > Signatures are required to prove the authenticity of the email, and to > detect if it was tampered with. However, given our email > infrastructure, a GPG signature is meaningless. Anyone can create a > GPG key, encrypt the email and send it out. To trust the public key, > it would have to be either (a) distributed in a trustable way, which > brings us to the same sitation as the SSH host key, (b) signed by > another trusted entity (a person), after a face-to-face meeting, or > (c) signed by members of a web of trust (which recursively requires > one of (a) and (b)). Given we live in such physically diverse location > (in fact, Ben lives in New Zealand; meeting enough KDE contributors > face to face willing to sign his key is prohibitvely time, effort and > finance consuming). If you can't establish trust of a GPG public key, > the signature is meaningless. I strongly disagree with this. While it is complicated in Ben's case, we had GPG signing party at the past Akademy and we can rebuild the web of trust. Debian works like this. We can have one at the QtCon (with also people from other communities including FSFE). So *signing* the announcement emails should not be discouraged like it is in this email. -- Luigi ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community
[kde-community] KDE Sysadmin and GPG Encryption
Hi all, After an email was sent to all developers with commit access on the kde-cvs-announce mailing list with the new SSH host keys of the machine, we've received complaints that the email contained sensitive information and was not GPG encrypted. We would like to say that GPG-encrypting the email would not have added anything to the security of the email, and would have simply been an added hassle. Because of the way GPG encryption is fundamentally broken, we will *not* be encrypting any emails sent out by us with GPG. A more detailed explanation follows. 1) The keys that we sent out were *public* keys. In asymmetric cryptography, public keys are called public keys because they can be known by the world - in fact, they *have* to be known by the world. In simple terms, the public key is used to encrypt data; the private key is used to decrypt data. Anyone can encrypt data and send it to someone, but the recipient must have the private key in order to be able to decrypt and read it. The private key is the key that has to be kept secure, not the public key. There is no loss of security if the public keys are disclosed. Therfore, encrypting the email to hide the key from unintended recipients has no use. 2) GPG doesn't simply encrypt the email, but also digitally signs it. Signatures are required to prove the authenticity of the email, and to detect if it was tampered with. However, given our email infrastructure, a GPG signature is meaningless. Anyone can create a GPG key, encrypt the email and send it out. To trust the public key, it would have to be either (a) distributed in a trustable way, which brings us to the same sitation as the SSH host key, (b) signed by another trusted entity (a person), after a face-to-face meeting, or (c) signed by members of a web of trust (which recursively requires one of (a) and (b)). Given we live in such physically diverse location (in fact, Ben lives in New Zealand; meeting enough KDE contributors face to face willing to sign his key is prohibitvely time, effort and finance consuming). If you can't establish trust of a GPG public key, the signature is meaningless. 3) We have a much stronger way of establishing the authenticity of the email: DKIM. Both GMail and the KDE email servers publish DKIM public keys through their DNS servers, and digitally sign every mail with a DKIM signature. All major webmail providers and email clients *verify* said DKIM signature automatically, and if it doesn't match, sends it directly to Spam, with a visible warning saying the DKIM signature could not be verified. You can inspect the headers of the email to be sure it originated from a KDE server, and verify the DKIM signature to authenticate the email. 4) The kde-cvs-announce email ID, in particular, is very secure. All emails sent through that list have to be manually authorised. A random person with the ability to send emails through KDE Postbox cannot simply send an email as kde-cvs-announce. 5) If you don't trust your DNS provider and suspect that the DKIM public key that you get via DNS has been tampered with, you can independently verify it from our DNS server configuration, either by resolving against byte.kde.org, or from the git repo at git://anongit.kde.org/sysadmin/dns.git As your system administrators, we take good care to ensure our systems are not compromised, and the authenticity of our servers and messages can always be verified. In between all the members of our team, we have significant practical experience securing servers. I personally have an academic interest in cryptography and information security, especially in provable security. Importantly, this means we *know* what cryptographic measures actually add to the security of our systems, and which cryptographic measures only act to calm the paranoid while adding absolutely no amount of additional security (and this can be quantified, measured and mathematically verified, mind) to our systems. We will do everything we can to improve our systems re. the former point, but we will not implement any measure that simply serve the latter point. Thanks, Boudhayan Gupta KDE Sysadmin ___ kde-community mailing list kde-community@kde.org https://mail.kde.org/mailman/listinfo/kde-community