One Ring of Trust To Bind Them All
Paw Prints: Writings of the maddog
There is much discussion these days around security, most of which comes from the release of Firesheep and the “discovery” that the three “W”s of “World Wide Web” may really stand for the “Wild, Wild West”.
Basically I hate the idea of needing to lock things up, hide things, and search people. There have been cultures where two poles crossed over the door of a tent meant it was “locked”, and people could leave the doors to their remote cabins unlocked to allow stranded people to find shelter in a storm, but in many places those times are past.
I remember in 1977 when the researchers at Bell Labs were told to use passwords on their login accounts. Most of them had NO passwords on their accounts, and those accounts which did have passwords could be broken in less time than I am taking to type this sentence even without the aid of a computer. For example, one engineer had a password of the letter "x".
The anguish that password aging and password policies caused at Bell Labs (“Your password is too short and is a dictionary word”) drove most researchers (and their systems administrators required to enforce the policies) to tears at that time.
Today we live in a different world, with people who are trained to use computers to steal from us or disrupt our lives, and it is past time to act. Today no one would dream of not having a password, and we go to the fairly extreme lengths of encrypting our data on disks and password protecting the booting mechanism. I generated my own key a long time ago and I have my “fingerprint” (a short-hand pointer to the key) printed on my business cards for people that need it.
The basis of a lot of security is a pass-phrase and from that the use of a encryption as a method of authentication. The other main point of security is trust, who we trust and how much we trust them.
Do you trust your parents? Do you trust your employer? Do you trust your government? Your best friend?
Of course there are all levels of trust, and trust on different topics. You might trust your government to protect you from foreign invasion, but not trust them to keep out of your private life. I trust my brother to give me shelter in his house, but do not necessarily trust him on the details of computer science.
In the case authorization, we are looking for the trust of “identity”, and that a person that we have never met is actually the person they say they are. For that we have to trust that other people who take this issue as seriously as we do have indeed verified that the person they exchange identities with is the person they say they are. The exchange of identities is represented by an exchange of key “signings”.
Let's say you meet me, and I prove to you that I am “Jon 'maddog' Hall” to a point where you trust this to be true. I could give you my public key and when you receive an email and decrypt it with that public key you can have a fairly good idea that the message actually came from me. In turn I could also have encrypted the message with your public key, and therefore protect the transmitted message from someone else reading it, even if the person intersecting the message knows both of our public keys.
From all of this you could determine that the message really did come from me, since you know that only I could have encrypted the message using my own pass-phrase and have it match with my public key. And we would both know that no one else could have read the message other than us.
For this method to work in a broader scale would require that we meet everyone else in the world with whom we want to exchange information and convince ourselves that they are the person they say they are. But this is a bit impractical, even for someone like me who has been to over 100 countries, many more than once.
Alternatively we could trust some other person that we know to have done this for us. This brings about a concept known as a “web of trust” and a “key signing party”. A web of trust is where you and I trust someone else to have properly identified someone. Since we trust them to have done this properly, we now extend that trust of identification to the person who we have never met personally. Do this enough times with enough people and a level of trust can be built without having to meet each person individually.
Again, as a personal issue, I really do not like key-signing parties, but they are the easiest way of building a “web of trust” between many people, so when my good friend “Pablo 'spectra' Lorenzzoni” asked me to participate in a key-signing party at Campus Party in Sao Paulo, Brazil my first inclination was to say “no”. However I thought about it and reminded myself that my current key is only 1024 bits long and therefore (with the speed of modern-day computers and Beowulf systems) getting to the edge of insecure, so it was time to generate a new, stronger key. And Pablo, being a long-standing member of the Debian community, is a good partner in this.
Of course you do not have to go to Campus Party to start your “web of trust”. You could start your own “Web of Trust” among your own friends and family, but if you are going to Campus Party in Brazil why not participate?
How this work?
The first thing you might do is go to the English or Portuguese site of the key-signing party. Read up on the process and do what is required before January 15th, 2010 at 2200 hours Brazilian time. Go back to the web site right before leaving for Campus Party and get the form that will have the participants names and their key 'hashes'. Print out that form, bring it, a pen and two forms of photo identification (at least one of them government issued) to Campus Party and join in the “fun”.
Afterwards you will enter keys into a program that will “sign” them for other people, and the web of trust will start to be built.
As I said, you can even do this among your friends, but the real strength comes as a complete web is built, with strong trust lines. Therefore doing a “key-signing party” at large FOSS events is a good idea that takes only a little bit of planning ahead of time. For those of you who are going to Campus Party, I look forward to having you in my ring of trust.comments powered by Disqus
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.