Re: Debian two-factor auth, GSoC?
On Fri, Apr 12, 2013 at 11:50:45PM +0100, Ben Hutchings wrote:
> On Fri, Apr 12, 2013 at 05:38:38PM -0500, Peter Samuelson wrote:
> > [Russ Allbery]
> > > Oh, I thought they'd given up on Safe. For some reason it stuck in my mind that it had too many issues and ended up being deprecated. Apparently, I either made that up or misremembered something.
> >
> > Possibly you were thinking of suidperl, the hack to allow Perl programs to use setuid and setgid, working around the fact that most Unix kernels don't honor the setuid + setgid bits when launching #! scripts. suidperl was dropped some years ago because it had too many issues.
>
> No, it's this: http://search.cpan.org/~rgarcia/Safe-2.35/Safe.pm
>
> (I seem to remember using a very early version of this, which was the only way to run a CGI script in my web space at university. It was definitely very restricted, but then I wasn't a particularly inventive Perl programmer.)

Does http://www.oucs.ox.ac.uk/web/faq/index.xml?ID=safeperl ring any bells? :)

I don't think the code which uses Safe.pm to implement that environment (a perl program called cgiperl, plus a SUID root wrapper for privilege management) is really released anywhere, but it is just about limping along, although I seem to recall that we haven't managed to get it to work with anything more recent than 5.10 yet.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130413103912.gp4...@urchin.earth.li
Re: Debian two-factor auth, GSoC?
> Please take your FUD elsewhere. It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets.

Does it require a JRE to be installed (which the security community avoids for good reason)? If so, then it does reduce your server/machine security, though you may deem it acceptable, and obviously not to the same level as java browser applets, which are basically putting up a rental sign to any site you visit.

-- 
'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy)
Re: Debian two-factor auth, GSoC?
Kevin Chadwick <ma1l1i...@yahoo.co.uk> writes:
> Does it require a JRE to be installed (which the security community avoids for good reason), if so then it does reduce your server/machine security,

Oh, for heaven's sake. I've been doing systems administration professionally for twenty years and maintaining and contributing to core computer security software for fifteen years. I am by any reasonable definition part of the security community, and I will tell you that installing a JRE on a system does nothing more to compromise the security of your system than installing a compiler or installing Python on your system.

It's a PROGRAMMING LANGUAGE, people! Put the FUD down carefully and step away from the crack pipe.

-- 
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
Re: Debian two-factor auth, GSoC?
On Sat, 2013-04-13 at 18:46 +0100, Kevin Chadwick wrote:
> > Please take your FUD elsewhere. It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets.
>
> Does it require a JRE to be installed (which the security community avoids for good reason), if so then it does reduce your server/machine security, though you may deem it acceptable and obviously not to the same level as java browser applets which are basically putting up a rental sign to any site you visit.

Debian is not Windows. We have separate packages for the JRE and the browser plugin.

Ben.

-- 
Ben Hutchings
Humans are not rational beings; they are rationalising beings.
Re: Debian two-factor auth, GSoC?
> > > Please take your FUD elsewhere. It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets.
> >
> > Does it require a JRE to be installed (which the security community avoids for good reason), if so then it does reduce your server/machine security, though you may deem it acceptable and obviously not to the same level as java browser applets which are basically putting up a rental sign to any site you visit.
>
> Debian is not Windows. We have separate packages for the JRE and the browser plugin.

What has Windows got to do with anything?!?! I am saying that just because something is less than terrible security-wise, that doesn't stop it from reducing a machine's security; some, such as the JRE even without plugins, reduce security or increase attack and escalation vectors more than others. Obviously it is a balance of options and risk analysis. I'm just saying anything that requires a JRE would push it down my list if there are any choices, and so not FUD as such, but rather something that may be deemed as acceptable. Personally I wouldn't run a JAR on any server, for example.

-- 
'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy)
Re: Debian two-factor auth, GSoC?
]] Thomas Goirand

> On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:
> > The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.
>
> Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it.

Please take your FUD elsewhere. It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets.

> Also, while I think the idea is nice, and that it would be a nice thing to *propose* it to all DDs, I think it would be annoying to actually *require* 2-factor auth from DDs (especially with the ssh keys on Alioth).

We're unlikely to require it for all DDs. We are likely to require it for access to certain important hosts, but this shouldn't affect many people. Most likely just DSA. (Alioth isn't part of the Debian infrastructure in this context, so I'm not sure why you're mentioning it.)

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Re: Debian two-factor auth, GSoC?
Thomas Goirand <z...@debian.org> writes:
> On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:
> > The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.
>
> Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it.

You do realize that most of the Java vulnerabilities are vulnerabilities in the sandboxing model and therefore are only particularly interesting when you're downloading random untrusted Java programs from the Internet and running them in the sandbox in your web browser, right? Those aren't flaws in the *language*.

Sandboxing programming languages is very difficult; most languages don't even attempt it. Perl used to have a sandboxing module and gave up on it because it was too hard, thus making it even less secure than Java in that specific respect, but no one calls it a security nightmare.

-- 
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
Re: Debian two-factor auth, GSoC?
On Thu, 11 Apr 2013, Russ Allbery wrote:
> Sandboxing programming languages is very difficult; most languages don't even attempt it. Perl used to have a sandboxing module and gave up on it because it was too hard, thus making it even less secure than Java in that specific respect, but no one calls it a security nightmare.

It still exists; it's called Safe. It works fairly well, but it's really hard to balance actually being able to execute code that does anything useful with maintaining security.

Don Armstrong

-- 
I'd never hurt another living thing. But if I did... It would be you.
 -- Chris Bishop http://www.chrisbishop.com/her/archives/her69.html

http://www.donarmstrong.com              http://rzlab.ucr.edu
Re: Debian two-factor auth, GSoC?
Don Armstrong <d...@debian.org> writes:
> On Thu, 11 Apr 2013, Russ Allbery wrote:
> > Sandboxing programming languages is very difficult; most languages don't even attempt it. Perl used to have a sandboxing module and gave up on it because it was too hard, thus making it even less secure than Java in that specific respect, but no one calls it a security nightmare.
>
> It still exists; it's called Safe. It works fairly well, but it's really hard to balance actually being able to execute code that does anything useful with maintaining security.

Oh, I thought they'd given up on Safe. For some reason it stuck in my mind that it had too many issues and ended up being deprecated. Apparently, I either made that up or misremembered something. Thanks for the correction!

-- 
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
Re: Debian two-factor auth, GSoC?
On 04/12/2013 02:37 PM, Tollef Fog Heen wrote:
> It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets.

Oh, that's right, sorry but it was quite confusing. I then withdraw what I wrote, of course.

Thomas
Re: Debian two-factor auth, GSoC?
On 04/12/2013 01:58 PM, Daniel Pocock wrote:
> There was never any suggestion to make something mandatory, I actually agree with those concerns
>
> Given the nature of Debian, it would be a personalised solution
>
> So, if a DD regularly accesses Debian infrastructure from a PC that he does not control (e.g. a work PC) he can choose to use TOTP instead of a password. A DD who always uses a personal laptop may prefer to use an ssh key. It is all about choice.
>
> With the right tools, DDs would have these choices each time they log in, or any one person can choose to make *OTP mandatory for their own login.
>
> So any potential GSoC project may involve making tools that allow DDs to set this up, the way they want, quickly - but only if they want it.

This seems to be a very sensible approach indeed.

Thomas

P.S: Please don't CC me, I'm registered to the list.
Re: Debian two-factor auth, GSoC?
On Thu 11 Apr 2013 19:29:40 Martin Zobel-Helas wrote:
> Hi,
>
> On Thu Apr 11, 2013 at 19:04:24 -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> > On Thu 11 Apr 2013 16:04:40 Luca Filipozzi wrote:
> > [snip]
> > > Finally, if we are going to require DDs to have a physical object
> >            ^^
> >
> > In other words: -1 from me.
>
> I read Luca's 'if' here as 'if, at all'

I must admit I didn't. I'm not a native English speaker, but maybe I should have understood it. Anyway, I think my reaction to it shows what I think about the idea ;-)

Kind regards, and thanks Martin for the clarification :-)

-- 
You know it's love when you memorize her IP number to skip DNS overhead.
  Anonymous

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
Re: Debian two-factor auth, GSoC?
On 11.04.2013 15:35, Paul Tagliamonte wrote:
> Completely unrelated to its GSoC-eyness (which I would love to see; quick, put it on the ideas page and put interested parties as mentors!), I really hate the idea of losing an unencrypted copy of my GPG private half. I misplace everything, I don't need someone finding a copy of my GPG key and abusing it :)
>
> -T

This is where you can use something like libgfshare, which will split the file up into multiple parts and require a certain number of them to reconstruct the original.

Part of my backup policy is to use libgfshare to split my primary private key (my subkeys I'm not worried about, as they can be revoked and new ones re-issued easily enough, along with the fact that I've moved to storing my RSA subkeys on an OpenPGP card) and store the parts in different locations, with a few parts held by trusted individuals; it cannot be reconstructed and put back together without parts from both the trusted holders and multiple storage locations (both physical and online).
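The k-of-n split of a private key described above, as an added example that is not libgfshare's code and does not produce its share format: the construction libgfshare is built on, Shamir's threshold scheme applied byte by byte over GF(2^8), in Python. The secret bytes, the share numbers and the choice of field polynomial are assumptions made for this example.

```python
"""Threshold secret sharing of a key file, Shamir style over GF(2^8).

Added example for this thread, not libgfshare's code and not its share format;
it shows the construction libgfshare is built on. The secret and the share
numbers are constructed sample values. The field polynomial is 0x11b (the AES
one); libgfshare's may differ, which only matters for interoperability.
"""
import secrets


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """a^254 == a^-1 for a != 0 (the multiplicative group has order 255)."""
    if a == 0:
        raise ZeroDivisionError("no inverse for 0 in GF(2^8)")
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def split(secret: bytes, k: int, n: int) -> dict:
    """Return {share_number: share_bytes} for an n-share split needing k to rebuild.

    Each secret byte becomes the constant term of a fresh random degree-(k-1)
    polynomial; share x holds that polynomial evaluated at x. With fewer than k
    shares every value of the secret byte is equally likely, which is what makes
    it safe to hand single shares to separate holders and storage locations.
    """
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, buf in shares.items():
            y = 0
            for c in reversed(coeffs):      # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            buf.append(y)
    return {x: bytes(buf) for x, buf in shares.items()}


def combine(shares: dict) -> bytes:
    """Rebuild the secret by Lagrange interpolation at x = 0, byte by byte.

    Caveat a backup policy must handle: the shares do not carry k, so handing
    in fewer than k of them returns garbage rather than raising an error.
    """
    xs = list(shares)
    if len(set(xs)) != len(xs) or any(not 1 <= x <= 255 for x in xs):
        raise ValueError("share numbers must be distinct and in 1..255")
    length = len(next(iter(shares.values())))
    if any(len(s) != length for s in shares.values()):
        raise ValueError("shares must all be the same length")
    out = bytearray()
    for i in range(length):
        acc = 0
        for xi in xs:
            num = den = 1
            for xj in xs:
                if xj != xi:
                    num = gf_mul(num, xj)        # (0 - xj) == xj in characteristic 2
                    den = gf_mul(den, xi ^ xj)   # (xi - xj) == xi ^ xj
            acc ^= gf_mul(shares[xi][i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


if __name__ == "__main__":
    key = b"constructed stand-in for an exported primary private key"
    parts = split(key, 3, 5)                       # 3 of 5 shares rebuild it
    print(combine({x: parts[x] for x in (1, 3, 5)}) == key)   # True
```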
Re: Debian two-factor auth, GSoC?
On Thu, Apr 11, 2013 at 11:49:35PM -0700, Russ Allbery wrote:
> Thomas Goirand <z...@debian.org> writes:
> > On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:
> > > The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.
> >
> > Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it.
>
> You do realize that most of the Java vulnerabilities are vulnerabilities in the sandboxing model and therefore are only particularly interesting when you're downloading random untrusted Java programs from the Internet and running them in the sandbox in your web browser, right? Those aren't flaws in the *language*.

They aren't, but the security model for managing java applets in your browser is effectively a boolean: "yes, I want to allow java applets in my browser" vs. "no, the Internet is dark and full of terrors, keep that off my system". There may be third-party plugins that allow you to manage your browser's policy in a more fine-grained manner, but unless those are shipped in Debian and we want to make enabling them an explicit part of the instructions for use of this proposed system (... or implicit, by making such a tool a dependency of the Java plugin package itself!), I think it's a very bad idea for Debian to get entangled with any such implementation.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
Re: Debian two-factor auth, GSoC?
Steve Langasek <vor...@debian.org> writes:
> On Thu, Apr 11, 2013 at 11:49:35PM -0700, Russ Allbery wrote:
> > Thomas Goirand <z...@debian.org> writes:
> > > On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:
> > > > The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.
> > >
> > > Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it.
> >
> > You do realize that most of the Java vulnerabilities are vulnerabilities in the sandboxing model and therefore are only particularly interesting when you're downloading random untrusted Java programs from the Internet and running them in the sandbox in your web browser, right? Those aren't flaws in the *language*.
>
> They aren't, but the security model for managing java applets in your browser is effectively a boolean: "yes, I want to allow java applets in my browser" vs. "no, the Internet is dark and full of terrors, keep that off my system". There may be third-party plugins that allow you to manage your browser's policy in a more fine-grained manner, but unless those are shipped in Debian and we want to make enabling them an explicit part of the instructions for use of this proposed system (... or implicit, by making such a tool a dependency of the Java plugin package itself!), I think it's a very bad idea for Debian to get entangled with any such implementation.

Yes, but as mentioned, that doesn't have anything to do with this. Java Card applets don't have anything to do with web browsers.

http://en.wikipedia.org/wiki/Java_Card

One is obviously very, very careful about identifying the source and integrity of software before one installs it on one's smart card and generally only runs one Java Card applet at a time, which makes the issues with browser-based applets moot.

-- 
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
Re: Debian two-factor auth, GSoC?
[Russ Allbery]
> Oh, I thought they'd given up on Safe. For some reason it stuck in my mind that it had too many issues and ended up being deprecated. Apparently, I either made that up or misremembered something.

Possibly you were thinking of suidperl, the hack to allow Perl programs to use setuid and setgid, working around the fact that most Unix kernels don't honor the setuid + setgid bits when launching #! scripts. suidperl was dropped some years ago because it had too many issues.
Re: Debian two-factor auth, GSoC?
On Fri, Apr 12, 2013 at 05:38:38PM -0500, Peter Samuelson wrote:
> [Russ Allbery]
> > Oh, I thought they'd given up on Safe. For some reason it stuck in my mind that it had too many issues and ended up being deprecated. Apparently, I either made that up or misremembered something.
>
> Possibly you were thinking of suidperl, the hack to allow Perl programs to use setuid and setgid, working around the fact that most Unix kernels don't honor the setuid + setgid bits when launching #! scripts. suidperl was dropped some years ago because it had too many issues.

No, it's this: http://search.cpan.org/~rgarcia/Safe-2.35/Safe.pm

(I seem to remember using a very early version of this, which was the only way to run a CGI script in my web space at university. It was definitely very restricted, but then I wasn't a particularly inventive Perl programmer.)

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking. - Albert Camus
Debian two-factor auth, GSoC?
Fedora recently put in Yubikey for their packagers[1], although they are only half way there, supporting sudo but not web auth so far.

Similar things could probably happen in Debian. I've proposed two-factor authentication as a potential area for a GSoC project[2], two things come up:

a) would anyone else be interested in co-mentoring in this area (e.g. development of tools to support/administer two factor auth)?

b) would anyone be interested in seeing this in Debian infrastructure, has it been discussed before, and could this provide guidance to any students proposing a project in this area?

Even if you don't have time to formally commit to GSoC, it would be useful to have feedback from people who have experienced this in other projects and would like to see it in Debian.

1. https://fedoraproject.org/wiki/Infrastructure/Yubikey
2. http://wiki.debian.org/SummerOfCode2013/Projects#One-time-password_.28token.29_based_authentication_and_transactions
Re: Debian two-factor auth, GSoC?
Hi,

DSA are already looking at two factor authentication, but TOTP based rather than HOTP. There are plenty of TOTP calculators that could be deployed on smart phones, etc. rather than requiring DDs to own a YubiKey (and have a USB port available... I wonder if my iPad has a USB port...).

Interestingly, OpenSSH 6.2 (just released) now offers two-factor authentication so we can augment ssh keys with TOTP.

Also, we have sso.debian.org, whose use we should expand.

I can help with a GSoC but I think DSA would prefer to lean in the direction of the above.

Finally, if we are going to require DDs to have a physical object, I'm more in favour of an OpenPGP token than an OTP token. The OpenPGP token could then power gpg (yes, Luca, we get that :) ) and act as an ssh-agent. Couple that with OTP, and we have quite a strong overall solution, I think.

Let me know your thoughts,

Luca

On Thu, Apr 11, 2013 at 08:10:40PM +0200, Daniel Pocock wrote:
> Fedora recently put in Yubikey for their packagers[1], although they are only half way there, supporting sudo but not web auth so far.
>
> Similar things could probably happen in Debian. I've proposed two-factor authentication as a potential area for a GSoC project[2], two things come up:
>
> a) would anyone else be interested in co-mentoring in this area (e.g. development of tools to support/administer two factor auth)?
>
> b) would anyone be interested in seeing this in Debian infrastructure, has it been discussed before, and could this provide guidance to any students proposing a project in this area?
>
> Even if you don't have time to formally commit to GSoC, it would be useful to have feedback from people who have experienced this in other projects and would like to see it in Debian.
>
> 1. https://fedoraproject.org/wiki/Infrastructure/Yubikey
> 2. http://wiki.debian.org/SummerOfCode2013/Projects#One-time-password_.28token.29_based_authentication_and_transactions

-- 
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
Re: Debian two-factor auth, GSoC?
]] Luca Filipozzi

> I can help with a GSoC but I think DSA would prefer to lean in the direction of the above.

I'm also happy to help with it. I have a bit of experience with the yubikey tokens, and at least one of the upstreams is on the path to DDship, so I think we're reasonably well covered there.

> Finally, if we are going to require DDs to have a physical object, I'm more in favour of an OpenPGP token than an OTP token. The OpenPGP token could then power gpg (yes, Luca, we get that :) ) and act as an ssh-agent. Couple that with OTP, and we have quite a strong overall solution, I think.

The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Re: Debian two-factor auth, GSoC?
On Thu, Apr 11, 2013 at 09:25:02PM +0200, Tollef Fog Heen wrote:
> ]] Luca Filipozzi
>
> > I can help with a GSoC but I think DSA would prefer to lean in the direction of the above.
>
> I'm also happy to help with it. I have a bit of experience with the yubikey tokens, and at least one of the upstreams is on the path to DDship, so I think we're reasonably well covered there.
>
> > Finally, if we are going to require DDs to have a physical object, I'm more in favour of an OpenPGP token than an OTP token. The OpenPGP token could then power gpg (yes, Luca, we get that :) ) and act as an ssh-agent. Couple that with OTP, and we have quite a strong overall solution, I think.
>
> The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.

Completely unrelated to its GSoC-eyness (which I would love to see; quick, put it on the ideas page and put interested parties as mentors!), I really hate the idea of losing an unencrypted copy of my GPG private half. I misplace everything, I don't need someone finding a copy of my GPG key and abusing it :)

-T

-- 
 .''`.  Paul Tagliamonte <paul...@debian.org>
: :'  : Proud Debian Developer
`. `'`  4096R / 8F04 9AD8 2C92 066C 7352 D28A 7B58 5B30 807C 2A87
  `-    http://people.debian.org/~paultag
Re: Debian two-factor auth, GSoC?
On 11/04/13 21:25, Tollef Fog Heen wrote:
> ]] Luca Filipozzi
>
> > I can help with a GSoC but I think DSA would prefer to lean in the direction of the above.
>
> I'm also happy to help with it. I have a bit of experience with the yubikey tokens, and at least one of the upstreams is on the path to DDship, so I think we're reasonably well covered there.

Simon has actually asked me to review his Yubikey related packages; they are on mentors already and any other reviews would be really helpful for something like this:

http://mentors.debian.net/package/yubikey-ksm
http://mentors.debian.net/package/yubikey-val

> > Finally, if we are going to require DDs to have a physical object, I'm more in favour of an OpenPGP token than an OTP token. The OpenPGP token could then power gpg (yes, Luca, we get that :) ) and act as an ssh-agent. Couple that with OTP, and we have quite a strong overall solution, I think.
>
> The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.

My dynalogin 0.9 packages in wheezy only support HOTP, but the 1.0 release (currently parked in experimental) supports TOTP too. dynalogin isn't really an algorithm itself, it is just a transport mechanism for using this stuff within a distributed environment. Underneath, it is Simon's oath-toolkit library doing the algorithms.

As for the GSoC project, the packages mentioned on the wiki are just examples and the scope is potentially quite broad.
Re: Debian two-factor auth, GSoC?
On Thu, Apr 11, 2013 at 07:04:40PM +, Luca Filipozzi wrote:
> Also, we have sso.debian.org, whose use we should expand.

I'd love to see that.
Re: Debian two-factor auth, GSoC?
Hi,

> Also, we have sso.debian.org, whose use we should expand.

DACS (http://dacs.dss.ca), the software behind sso.debian.org, also supports one-time passwords [1]. I had no time yet to set up anything regarding this, but I welcome help.

Cheers,
Martin

[1] http://dacs.dss.ca/man/dacstoken.1.html

-- 
Martin Zobel-Helas <zo...@debian.org>   Debian System Administrator
Debian GNU/Linux Developer              Debian Listmaster
http://about.me/zobel                   Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
Re: Debian two-factor auth, GSoC?
On Thu, Apr 11, 2013 at 03:35:35PM -0400, Paul Tagliamonte wrote:
> I really hate the idea of losing an unencrypted copy of my GPG private half. I misplace everything, I don't need someone finding a copy of my GPG key and abusing it :)

You write the private key to the token. You can't read it back. You then send stuff through the token to be encrypted / signed. And you still need your passphrase.

At least that's how I understand it.

-- 
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
Re: Debian two-factor auth, GSoC?
On Thu 11 Apr 2013 16:04:40 Luca Filipozzi wrote:
[snip]
> Finally, if we are going to require DDs to have a physical object

Then the project would possibly start losing contributors like me, who have lots of problems with customs and getting dollars, especially if it's about technological stuff. And then let's talk about taxes...

In other words: -1 from me.

-- 
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.
  George Bernard Shaw

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
Re: Debian two-factor auth, GSoC?
Hi,

On Thu Apr 11, 2013 at 19:04:24 -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> On Thu 11 Apr 2013 16:04:40 Luca Filipozzi wrote:
> [snip]
> > Finally, if we are going to require DDs to have a physical object
>            ^^
>            ||
>
> In other words: -1 from me.

I read Luca's 'if' here as 'if, at all'

-- 
Martin Zobel-Helas <zo...@debian.org>   Debian System Administrator
Debian GNU/Linux Developer              Debian Listmaster
http://about.me/zobel                   Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
Re: Debian two-factor auth, GSoC?
On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:
> The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.

Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it.

Also, while I think the idea is nice, and that it would be a nice thing to *propose* it to all DDs, I think it would be annoying to actually *require* 2-factor auth from DDs (especially with the ssh keys on Alioth).

Thomas
Re: Debian two-factor auth, GSoC?
On 12/04/13 07:56, Thomas Goirand wrote:
> On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:
> > The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too.
>
> Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it.
>
> Also, while I think the idea is nice, and that it would be a nice thing to *propose* it to all DDs, I think it would be annoying to actually *require* 2-factor auth from DDs (especially with the ssh keys on Alioth).

There was never any suggestion to make something mandatory; I actually agree with those concerns.

Given the nature of Debian, it would be a personalised solution.

So, if a DD regularly accesses Debian infrastructure from a PC that he does not control (e.g. a work PC) he can choose to use TOTP instead of a password. A DD who always uses a personal laptop may prefer to use an ssh key. It is all about choice.

With the right tools, DDs would have these choices each time they log in, or any one person can choose to make *OTP mandatory for their own login.

So any potential GSoC project may involve making tools that allow DDs to set this up, the way they want, quickly - but only if they want it.