[Freedombox-discuss] Steps for integrating in Monkeysphere to Freedombox

Marc Jones mjones at softwarefreedom.org
Wed Dec 23 02:24:48 UTC 2015 

Petter,

TL;DR;. Monkeysphere lets you use the PGP Web of trust to replace the
certificate cartel to authenticate SSL and SSH keys. Basically you can
transform a PGP key into SSH and SSL keys. Monkeysphere might be best
thought of as a clever way to distributed public keys so when you setup
an encrypted tunnel using your private key, the person on the other side
can verify it is you by looking at your public key. You can watch a
DebConf video the monkeysphere folks did back in 2010 here:
http://penta.debconf.org/dc10_schedule/events/572.en.html. Support for
monkeysphere in Freedombox was one of the original ideas Eben Moglen had.

Standard SSH works with monkeysphere without modification. SSL Client
certificates work with all major browsers, but to take advantage of the
Web of Trust webservers need to support it. The webserver used by
Freedombox already supports it.

Since OpenPGP smartcards work with GPG agents (or they should cause why
else would you want one) they will work with Monkeysphere too.

Long Answer:

Monkeysphere does a few different things so it can be a little confusing
at first (or it least it was to me.) Personal I felt like it took a
while to wrap my mind around what it does. So first I will explain what
Monkeysphere does and then I will talk about the original idea for
integrating Monkeysphere into the Freedombox.

Monkeysphere's basic idea is that PGP, SSH, and SSL certificates are
just using RSA public/private key pairs. But they all have different
trust models for verifying keys. PGP provides a web of trust that is
based on a peer to peer module of authenticating key pairs (i.e. signing
your friend's PGP keys).

SSH does not really have any way of doing key authentication. Both user
and host keys are verified out of band. If you connect to a new SSH host
or the SSH host changes the key the only thing you can do is call the
SSH server administrator to verify the key (or do what most people do
and blindly accept the new key). Similarly logging in using keys over
SSH is based on the fact that at one point you knew the password to log
into the account to upload your public key or some out of band mechanism
for key exchange with the server admin.

SSL keys for Websites rely on the "certificate cartel" where all of the
CA's have the authority to assert any key is valid for any domain and
you have no choice but to trust all or none of the assertions made by
the cartel.

The Monkeysphere project asked the question: why if these three programs
are all based on RSA keys do they have different trust models. Why can't
we use the PGP Web of Trust with SSH and with websites. Monkeysphere
basically lets you use the Web of Trust with SSH and SSL. It provides a
way of authenticating SSH hosts and distributing (and revoking) SSH
login keys based on the Web of Trust. It also in more advanced usages
provides a replacement for the CA cartels by doing Web server
authentication based on the web of trust and provides a way of doing
client certificate authentication.

So there are a few different ways to use monkeysphere and all our
independent of each other and can be mixed and matched.

1) You can published the current host key for SSH server on the Web of
Trust. Any one that trusts keys you sign will automatically trust the
SSH server key. If you generate a new ssh host key, just republish the
key to the web of trust. No more scare warning messages the first time
someone connects to your SSH server.

2) You can give secure access to a remote user when you only know thier
email address. Just tell monkeysphere what email address should have the
ability to SSH into an account. It will search the web of trust for the
public key of the person with that email who is within your web of
trust. That person can then ssh into your server using their pgp key.
Monkeypshere takes care of automatically transforming the public PGP key
into a public SSH key on the server. On the client the private PGP key
is transformed into a private SSH key using your GPG agent. It is easy
to replace your SSH key on servers that support monkeysphere because you
just have to publish a new public key to the web of trust. The servers
will auto update your public SSH key.

3) You can log into a website using a client SSL certificate. The
webserver will verify it is a valid key that belongs to you by checking
the web of trust. This works with all major web browsers. Basically you
transform your PGP key into a SSL client certificate. Connect to a
website that supports monkeysphere SSL client certificate verification.
If you are in the web site owner's web of trust you are automatically
logged into all web apps that support Apache authentication on that
server. The only web server I know of right now that supports this is
Apache with mod_gnu_tls. (which is what Freedombox users)

4) You can use monkeysphere to create server ssl certificates that do
not rely on the certificate cartels. This requires a browser plug-in on
the client side but works with all web servers that suppport SSL. You
create a SSL certificate based on a PGP key and publish the public key
in the web of trust. When the client connects the client verifies the
server's SSL certiicate against the client's web of trust. Free server
ssl certificates might seem less relevant now that Let's Encrypt exists,
but keep in mind that Let's Encrypt still needs to play by the cartel's
rules even if they do not charge for server certs. That means no SSL
certificates for .local or nonstandard DNS TLDs like .onion. Since
monkeysphere certs are self generated you could make your SSL
certificate for a .local or .onion address. (See relevant tor pages for
discussion/debate on if SSL certs are needed when accessing hidden
services).

One of the original ideas for the Freedombox was to allow users to use
SSL Client certificates to authenticate to plinth. Basically this
eliminates the need for users to remember passwords. You can even use
the same certificate to authenticate to different FreedomBoxes, so you
can move from FreedomBox to FreedomBox without worrying about
remembering passwords. We could also allow SSH access using
monkeysphere. Basically a user would have the option of making a
Freedombox that have any passwords to guess, to forget, or to brute
force since Monkeysphere makes certificate/key authentication possible
using stock SSH and web browsers.

-Marc



On 12/21/2015 03:24 AM, Petter Reinholdtsen wrote:
> [Marc Jones]
>> As we discussed before we want to get the SSL Client certificate auth
>> integrated into freedombox for the 0.8 release. I put a proposal in to
>> present a libreplanet in March and I think this would be a cool thing to
>> show off.
> 
> I have never quite understood what Monkeysphere does, or in what use
> case it is useful.  Could you perhaps explain a bit more which users
> such authentication would be useful for, and how the user would operate
> to make use of these SSL client certificates?  Where would Monkeysphere
> fit in?
> 
>> But I think it will be a great foundation to doing more stuff because
>> it is a first step in having our freedomboxes know about PGP. (Maybe
>> one day we can use PGP to allow FBXs to exchange data with each
>> other. FBX backups perhaps!)
> 
> I agree we should get PGP/GPG stuff into the default Freedombox setup,
> and I would really love it for us ot support OpenPGP smart cards out of
> the box, allowing us to store the GPG key on the box in a way that would
> block it from being easily copied out of the box.
> 
> My initial testing using gpg2 and a smart card on Raspberry Pi did not
> work.  I never had time to check why not, and hope the issue will not
> block me from using GPG with RPI as my FreedomBox.
> 


-- 
Marc Jones
Counsel
Software Freedom Law Center
1995 Broadway, 17th Floor
New York, NY 10023
Tel: 212-461-1919
Fax: 212-580-0898
Email: mjones at softwarefreedom.org
www.softwarefreedom.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xAC9364C7.asc
Type: application/pgp-keys
Size: 6826 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20151222/f3e322d0/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xAC9364C7.asc
Type: application/pgp-keys
Size: 6825 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20151222/f3e322d0/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20151222/f3e322d0/attachment.sig>

More information about the Freedombox-discuss mailing list