Re: [gentoo-dev] [RFC] New project: Crypto
On Tue, Dec 29, 2015 at 8:58 AM, Kristian Fiskerstrand wrote:
>
> On 12/28/2015 07:35 PM, Rich Freeman wrote:
>> On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand wrote:
>>>> On 28 Dec 2015, at 15:58, James Le Cuirot wrote:
>
>> That concern is hardly unique to phones. PCs suffer just as much
>> from this problem. The solution could potentially be the same.
>> For
>
> But here we already have smartcards (that everyone should and _is_
> using... right?)

I imagine that smartcards have about as much support on mobile as they do on PCs, which is to say not much. Sure, you can make it work, but software support for signing stuff is limited in general, let alone support for doing it with smartcards.

>> signing it is a straightforward problem since there is nothing to
>> be kept secret except the key material itself (just send the
>> message to the signing device, and return the signature back). For
>> encryption
>
> for clarity (and what I think you already mean), the message in this
> case is the message to be signed (which is likely a blinded hash or
> something, so much shorter than the original data)

If you don't display the plaintext on the device doing the signing, then you're vulnerable to a MITM unless you trust your PC, but if you trusted your PC you wouldn't need the signing device. The only thing a smartcard does is protect the private key itself. It doesn't protect you from manipulation of the data to be signed, or theft of plaintext, etc.

> Indeed, but at least the device won't be able to decrypt further
> communication as it'd only have access to the session key of the
> particular message. Losing control of the private (sub)key is
> substantially worse, so that might actually be ok for the security
> parameters of the users.

I agree, there are degrees of failure.

> This already happens in several countries, including Germany and on a
> semi-related variant Norway (its government approved to sign
> electronically using BankID, where the banks do the verification).
> In Germany there is even a CA that checks the government ID and
> certifies OpenPGP keys based on it.

That is at least a step up. Should we require or at least recommend government-signed keys for Gentoo in the few jurisdictions that provide them? I guess the main concern would be if we wanted to allow anonymity.

So many problems would be solved if a signature using a secure device was required for every financial transaction. Just stick the PIN pad on the signing device with a small display. The device is given a message to sign including the date, amount to be authorized, and who is getting paid. The device displays this info on its screen and prompts for a PIN. For the problem of payment authorization that would eliminate almost all forms of fraud that don't involve holding somebody at gunpoint (and you could have a duress PIN and an encrypted field in the authorization large enough to hold either a padded all clear or an under-duress message with the timestamp and GPS coordinates that only the bank could read).

In the US everybody seems to be afraid of big brother but big brother has enough big data that he doesn't really need you to use his fancy signing device anyway.

--
Rich
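The difference between a blind signer and a signing device with its own display, as discussed in the message above, shown as an added example that is not part of the original thread. HMAC-SHA256 stands in for the device's private-key signature, and the order fields, PIN, key and names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the device's private-key signature.
# The key is constructed sample material that never leaves the "device" code.
_DEVICE_KEY = b"constructed-demo-key"


def canonical(order: dict) -> bytes:
    """Stable byte encoding of an order, so signer and verifier hash the same thing."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def _sign(digest: bytes) -> str:
    return hmac.new(_DEVICE_KEY, digest, hashlib.sha256).hexdigest()


def verify(order: dict, signature: str) -> bool:
    """Relying party's check: does the signature cover exactly this order?"""
    return hmac.compare_digest(_sign(hashlib.sha256(canonical(order)).digest()), signature)


class BlindCard:
    """Smartcard-style signer: sees only a digest, so it cannot show what it signs."""

    def sign_digest(self, digest: bytes) -> str:
        return _sign(digest)


class DisplayDevice:
    """Signer with its own screen and PIN pad: parses the order and asks the user."""

    def __init__(self, pin: str):
        self._pin = pin

    def sign_order(self, raw: bytes, pin: str, user_confirms):
        order = json.loads(raw)
        shown = f"{order['date']}: pay {order['amount']} to {order['payee']}"
        if not hmac.compare_digest(pin, self._pin) or not user_confirms(shown):
            return None  # wrong PIN, or the user rejected what the screen showed
        return _sign(hashlib.sha256(canonical(order)).digest())


def untrusted_host(order: dict) -> dict:
    """Models the PC in the middle altering the data before it reaches the signer."""
    return dict(order, payee="Mallory")


def run_demo():
    intended = {"date": "2015-12-29", "amount": "25.00 EUR", "payee": "Example Shop"}
    expected_screen = "2015-12-29: pay 25.00 EUR to Example Shop"
    forwarded = untrusted_host(intended)

    # Blind path: the card signs whatever digest the host hands it.
    blind_sig = BlindCard().sign_digest(hashlib.sha256(canonical(forwarded)).digest())

    # Display path: the user compares the device screen with what they meant to pay.
    device = DisplayDevice(pin="4321")
    confirm = lambda shown: shown == expected_screen
    rejected = device.sign_order(canonical(forwarded), "4321", confirm)
    good_sig = device.sign_order(canonical(intended), "4321", confirm)
    return verify(forwarded, blind_sig), rejected, verify(intended, good_sig)
```

`run_demo()` returns `(True, None, True)`: the blind card produces a signature that verifies over the altered order, while the display device yields no signature for the altered order and a valid one for the intended order.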
Re: [gentoo-dev] [RFC] New project: Crypto
I have talked to the YubiKey people at a few shows (BlackHat), and they told me that they are looking at a Bluetooth key store, to work with iPad and Android. That would be great, but the problem is programs that can use that.

On 12/28/15 10:07 AM, Kristian Fiskerstrand wrote:
>
> [Sent from my iPad, as it is not a secured device there are no cryptographic
> keys on this device, meaning this message is sent without an OpenPGP
> signature. In general you should *not* rely on any information sent over such
> an unsecure channel, if you find any information controversial or un-expected
> send a response and request a signed confirmation]
>
>> On 28 Dec 2015, at 15:58, James Le Cuirot wrote:
>>
>> On Mon, 28 Dec 2015 09:42:40 -0500
>> Rich Freeman wrote:
>>>
>>> ..
>>>
>>> And this would be why I don't bother to sign my emails any longer.
>>> The FOSS world is still stuck in the days when people ran X11-based
>>> MUAs and stored their mail in conventional folders. I've yet to see a
>>> decent browser-based MUA or Android client which does signing.
>>> Squirrelmail does, but it is really lacking compared to something like
>>> Gmail.
>>
>> I haven't tried the feature myself but K9 Mail, which is highly
>> regarded, does it via APG on Android.
>
> iirc k9 doesn't support PGP/MIME (RFC3156), but some interesting things
> happening with OpenKeychain (https://www.openkeychain.org/k-9/ ) in that
> regard. We actually discussed it a bit during last OpenPGP summit in Zurich.
>
> The main issue is key storage, though. For signatures you can use a dedicated
> signing subkey, however you get in problem with encrypted emails as mobile
> devices are not really secure devices and should never have cryptographic
> material. What could work in this case is an NFC (or for that matter
> bluetooth, although it needs to be properly paired etc etc) channel with a
> separate device with a separate keychain and display so you can verify the
> request, and never actually expose private key material to the cellphone.
>
> In the mean time I just include the notice whenever I don't sign, at least
> some people notice it and give it another thought.
Re: [gentoo-dev] [RFC] New project: Crypto
On 12/28/2015 07:35 PM, Rich Freeman wrote:
> On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand wrote:
>>> On 28 Dec 2015, at 15:58, James Le Cuirot wrote:
>>>
> That concern is hardly unique to phones. PCs suffer just as much
> from this problem. The solution could potentially be the same.
> For

But here we already have smartcards (that everyone should and _is_ using... right?)

> signing it is a straightforward problem since there is nothing to
> be kept secret except the key material itself (just send the
> message to the signing device, and return the signature back). For
> encryption

for clarity (and what I think you already mean), the message in this case is the message to be signed (which is likely a blinded hash or something, so much shorter than the original data)

> you have additional challenges if you want to be able to make any
> use of the plaintext without it getting stolen - once decrypted it
> is only secure as any device that comes in contact with it. And
> there is no

Indeed, but at least the device won't be able to decrypt further communication as it'd only have access to the session key of the particular message. Losing control of the private (sub)key is substantially worse, so that might actually be ok for the security parameters of the users.

> reason that mobile and browser frameworks couldn't talk to such
> devices with the right standards.
>
> If it were up to me the government would hand out signing devices
> just as they hand out passports.

This already happens in several countries, including Germany and on a semi-related variant Norway (its government approved to sign electronically using BankID, where the banks do the verification). In Germany there is even a CA that checks the government ID and certifies OpenPGP keys based on it.

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Re: [gentoo-dev] [RFC] New project: Crypto
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-expected send a response and request a signed confirmation]

> On 28 Dec 2015, at 15:58, James Le Cuirot wrote:
>
> On Mon, 28 Dec 2015 09:42:40 -0500
> Rich Freeman wrote:
>>
>> ..
>>
>> And this would be why I don't bother to sign my emails any longer.
>> The FOSS world is still stuck in the days when people ran X11-based
>> MUAs and stored their mail in conventional folders. I've yet to see a
>> decent browser-based MUA or Android client which does signing.
>> Squirrelmail does, but it is really lacking compared to something like
>> Gmail.
>
> I haven't tried the feature myself but K9 Mail, which is highly
> regarded, does it via APG on Android.

iirc k9 doesn't support PGP/MIME (RFC3156), but some interesting things happening with OpenKeychain (https://www.openkeychain.org/k-9/ ) in that regard. We actually discussed it a bit during last OpenPGP summit in Zurich.

The main issue is key storage, though. For signatures you can use a dedicated signing subkey, however you get in problem with encrypted emails as mobile devices are not really secure devices and should never have cryptographic material. What could work in this case is an NFC (or for that matter bluetooth, although it needs to be properly paired etc etc) channel with a separate device with a separate keychain and display so you can verify the request, and never actually expose private key material to the cellphone.

In the mean time I just include the notice whenever I don't sign, at least some people notice it and give it another thought.
Re: [gentoo-dev] [RFC] New project: Crypto
On Mon, Dec 28, 2015 at 8:11 AM, Kristian Fiskerstrand wrote:
>
> [Sent from my iPad, as it is not a secured device there are no cryptographic
> keys on this device, meaning this message is sent without an OpenPGP
> signature. In general you should *not* rely on any information sent over such
> an unsecure channel, if you find any information controversial or un-expected
> send a response and request a signed confirmation]

And this would be why I don't bother to sign my emails any longer. The FOSS world is still stuck in the days when people ran X11-based MUAs and stored their mail in conventional folders. I've yet to see a decent browser-based MUA or Android client which does signing. Squirrelmail does, but it is really lacking compared to something like Gmail.

--
Rich
Re: [gentoo-dev] [RFC] New project: Crypto
On Mon, 28 Dec 2015 09:42:40 -0500 Rich Freeman wrote:
> On Mon, Dec 28, 2015 at 8:11 AM, Kristian Fiskerstrand wrote:
> >
> > [Sent from my iPad, as it is not a secured device there are no
> > cryptographic keys on this device, meaning this message is sent
> > without an OpenPGP signature. In general you should *not* rely on
> > any information sent over such an unsecure channel, if you find any
> > information controversial or un-expected send a response and
> > request a signed confirmation]
>
> And this would be why I don't bother to sign my emails any longer.
> The FOSS world is still stuck in the days when people ran X11-based
> MUAs and stored their mail in conventional folders. I've yet to see a
> decent browser-based MUA or Android client which does signing.
> Squirrelmail does, but it is really lacking compared to something like
> Gmail.

I haven't tried the feature myself but K9 Mail, which is highly regarded, does it via APG on Android.

--
James Le Cuirot (chewi)
Gentoo Linux Developer
Re: [gentoo-dev] [RFC] New project: Crypto
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-expected send a response and request a signed confirmation]

> On 27 Dec 2015, at 23:49, Andrew Savchenko wrote:
>
> Hi!
>
>> On Wed, 25 Nov 2015 21:21:37 +0100 Kristian Fiskerstrand wrote:
>>> ...
>
>> I'm trying to reclaim the #gentoo-crypto channel for now, would be
>> nice to have a place for coordination corresponding to the project
>
> Any progress here?

Yeah, we have control :)

K_F
Re: [gentoo-dev] [RFC] New project: Crypto
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-expected send a response and request a signed confirmation]

> On 28 Dec 2015, at 16:07, Kristian Fiskerstrand wrote:
>
> The main issue is key storage, though. For signatures you can use a dedicated
> signing subkey, however you get in problem with encrypted emails as mobile
> devices are not really secure devices and should never have cryptographic
> material. What could work in this case is an NFC (or for that matter
> bluetooth, although it needs to be properly paired etc etc) channel with a
> separate device with a separate keychain and display so you can verify the
> request, and never

This should read pinentry, the existence of a keyring is implicit to the use case..

> actually expose private key material to the cellphone.
>
> In the mean time I just include the notice whenever I don't sign, at least
> some people notice it and give it another thought.
Re: [gentoo-dev] [RFC] New project: Crypto
On Mon, 28 Dec 2015 09:42:40 -0500 Rich Freeman wrote:
> On Mon, Dec 28, 2015 at 8:11 AM, Kristian Fiskerstrand wrote:
> >
> > [Sent from my iPad, as it is not a secured device there are no
> > cryptographic keys on this device, meaning this message is sent
> > without an OpenPGP signature. In general you should *not* rely on
> > any information sent over such an unsecure channel, if you find any
> > information controversial or un-expected send a response and
> > request a signed confirmation]
>
> And this would be why I don't bother to sign my emails any longer.
> The FOSS world is still stuck in the days when people ran X11-based
> MUAs and stored their mail in conventional folders. I've yet to see a
> decent browser-based MUA or Android client which does signing.
> Squirrelmail does, but it is really lacking compared to something like
> Gmail.

YMMV, but I'm perfectly fine with Claws mail on my phone.

Another problem is that this device lacks reliable RNG and faces threats of baseband processor data interception (as well as all other phones I'm aware of). So phones/tablets are not suitable for cryptography anyway.

P.S. We had a good discussion of this on core, but still have no summary on dev ML.

Best regards,
Andrew Savchenko
Re: [gentoo-dev] [RFC] New project: Crypto
On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand wrote:
>> On 28 Dec 2015, at 15:58, James Le Cuirot wrote:
>>
>> On Mon, 28 Dec 2015 09:42:40 -0500
>> Rich Freeman wrote:
>
>>> And this would be why I don't bother to sign my emails any longer.
>>> The FOSS world is still stuck in the days when people ran X11-based
>>> MUAs and stored their mail in conventional folders. I've yet to see a
>>> decent browser-based MUA or Android client which does signing.
>>> Squirrelmail does, but it is really lacking compared to something like
>>> Gmail.
>>
>> I haven't tried the feature myself but K9 Mail, which is highly
>> regarded, does it via APG on Android.
>
> iirc k9 doesn't support PGP/MIME (RFC3156), but some interesting things
> happening with OpenKeychain (https://www.openkeychain.org/k-9/ ) in that
> regard. We actually discussed it a bit during last OpenPGP summit in Zurich.

K9 also doesn't support email tagging as far as I'm aware, and I don't believe there is a browser version of it either (I do require an MUA accessible by a browser, as this is how I compose 99% of my emails - I read this email on androids, and am replying from a browser right now). To some extent they can be forgiven for not supporting tagging, as I don't believe IMAP supports it either, so we need standards as well as FOSS clients to make it work.

But, it isn't like I'm paying anybody to solve the problem, so we all make do, either living without features or without signatures as the case may be.

> The main issue is key storage, though. For signatures you can use a dedicated
> signing subkey, however you get in problem with encrypted emails as mobile
> devices are not really secure devices and should never have cryptographic
> material. What could work in this case is an NFC (or for that matter
> bluetooth, although it needs to be properly paired etc etc) channel with a
> separate device with a separate keychain and display so you can verify the
> request, and never actually expose private key material to the cellphone.

That concern is hardly unique to phones. PCs suffer just as much from this problem. The solution could potentially be the same. For signing it is a straightforward problem since there is nothing to be kept secret except the key material itself (just send the message to the signing device, and return the signature back). For encryption you have additional challenges if you want to be able to make any use of the plaintext without it getting stolen - once decrypted it is only secure as any device that comes in contact with it. And there is no reason that mobile and browser frameworks couldn't talk to such devices with the right standards.

If it were up to me the government would hand out signing devices just as they hand out passports. It seems kind of silly in this day and age that we haven't solved the key-management problem and half of our commerce involves giving 16-digit numbers to everybody we do business with and asking them to keep them secret for us.

--
Rich
Re: [gentoo-dev] [RFC] New project: Crypto
Hi!

On Wed, 25 Nov 2015 21:21:37 +0100 Kristian Fiskerstrand wrote:
> On 11/25/2015 08:20 PM, Daniel Campbell wrote:
> > On 11/25/2015 09:12 AM, Kristian Fiskerstrand wrote:
[...]
> >> As recently discussed herds are migrating to projects, and in
> >> that connection we've now set up a project[0] for what was
> >> previously the Crypto herd.
> >
> >> Please consider this an official announcement and request for
> >> comment related to establishing a new project.
> >
> >> References: [0] https://wiki.gentoo.org/wiki/Project:Crypto
> >
> > Sounds good to me. I have a passing interest in crypto, so where do
> > I sign? :)

+1

> I'm trying to reclaim the #gentoo-crypto channel for now, would be
> nice to have a place for coordination corresponding to the project

Any progress here?

Best regards,
Andrew Savchenko
Re: [gentoo-dev] [RFC] New project: Crypto
On 11/25/2015 09:12 AM, Kristian Fiskerstrand wrote:
> Hi,
>
> As recently discussed herds are migrating to projects, and in that
> connection we've now set up a project[0] for what was previously
> the Crypto herd.
>
> Please consider this an official announcement and request for
> comment related to establishing a new project.
>
> References: [0] https://wiki.gentoo.org/wiki/Project:Crypto

Sounds good to me. I have a passing interest in crypto, so where do I sign? :)

--
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6
Re: [gentoo-dev] [RFC] New project: Crypto
On 11/25/2015 08:20 PM, Daniel Campbell wrote:
> On 11/25/2015 09:12 AM, Kristian Fiskerstrand wrote:
>> Hi,
>
>> As recently discussed herds are migrating to projects, and in
>> that connection we've now set up a project[0] for what was
>> previously the Crypto herd.
>
>> Please consider this an official announcement and request for
>> comment related to establishing a new project.
>
>> References: [0] https://wiki.gentoo.org/wiki/Project:Crypto
>
> Sounds good to me. I have a passing interest in crypto, so where do
> I sign? :)

I'm trying to reclaim the #gentoo-crypto channel for now, would be nice to have a place for coordination corresponding to the project

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3