[Freedombox-discuss] FOAF developers taking FreedomBox into their equation
Henry Story
henry.story at bblfish.net
Thu Mar 10 13:29:40 UTC 2011
On 10 Mar 2011, at 05:00, Daniel Kahn Gillmor wrote:
> On 03/09/2011 06:11 PM, Melvin Carvalho wrote:
>> Traditionally we've always 'self signed' our WebID certificates. So
>> there's no CA that needs to be in the loop. In fact, I dont know of
>> any instance WebID has *ever* been used with a CA, but I suppose it is
>> possible too. :)
>
> For plain http:// URL WebIDs, there is no CA in the loop; but plain
> http:// WebIDs are vulnerable to a pretty trivial attack by someone with
> reasonable control of the network -- all they need to do is forge DNS or
> intercept traffic to convince the server doing a backhaul lookup that
> the client's presented WebID cert is legit. This level of vulnerability
> to an attacker in control of the network doesn't seem to meet the
> standards i'd hope for a robust, freedom-preserving scheme.
yes, though it is already better than just passwords which create a centralising pull: since everybody hates passwords, people go for the biggest service that gives them the most features.
>
> So that leaves https:// WebIDs, which in turn need some sort of
> certificate validation. I'm pretty sure that any WebID that points to
> an https:// URL relies on the CA cartel to validate the backhaul
> connection, in the current implementations, no? Either the certificate
> validation is not happening (in which case the scheme is vulnerable to
> an attacker in control of the network again), or the certificate
> validation relies on some set of CAs.
One could have self signed certificates on the server and some trusted sites that keep a list of the latest ones seen there. Notice that that again requires trust.
>
> I'm happy that WebID is trying to sidestep the CA cartel for end-user
> certificates. But it seems to rely on either (a) centralized,
> cryptographically-guaranteed DNS (DNSSEC) or (b) the CA cartel to
> validate the server-side certificates (or both).
Both is already better. The DANE IETF is showing how one could place a certificate for a host:port combination into DNSSEC, and so bypass or limit the power of the CA cartel
http://tools.ietf.org/wg/dane/draft-ietf-dane-protocol/
For example it could counter the problem of root certificates leaked by untrustworthy CAs.
Perhaps this is the way to distribute power: add more checks and balances everywhere. If the FBox can help people get away from FBook then that's one thing. The FBox could also then host other services, perhaps DNSsec clones that friends could use as trusted servers... FBox could also let friends see what they see about web sites, so robots could make automatic comparison to find fishy differences...
> Both of these options
> leave a handful of fairly unaccountable middlemen with the ability to
> perform denial of service attacks on end user identities and even
> impersonations.
I am not sure I'd say DNS providers are unaccountable. There are legal systems in place to control a lot of what is done here. But legal systems are themselves networks of people and interests... Just as code is...
> I'd love to hear suggestions for improving the scheme to be resistant to
> these middlemen, but i don't think i've heard any of them yet.
If you can find a distributed secure naming system that works then it should be no problem to make WebID work with it too, since it is really basing itself on the Semweb that is designed with only the abstract notion of the URI.
Notice that the web is quite reliable for something that is based on technologies that are so weak. Each little piece that helps distribution or security, can make a big impact.
Henry
>
> --dkg
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss
Social Web Architect
http://bblfish.net/
More information about the Freedombox-discuss
mailing list