Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

xtal posted:

Couldn't we have client-side certificates as well, issued by the ISP through an automatic DHCP-like process?

What would that accomplish?

evil_bunnY
Apr 2, 2003

Yes, I trust my ISP with this.

Achmed Jones
Oct 16, 2004

I think isp pki might be strictly worse than no pki

xtal
Jan 9, 2011

by Fluffdaddy

evil_bunnY posted:

Yes, I trust my ISP with this.

You trust them with everything else. I think that having the ISP help with this would reduce the amount of people you need to trust.

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib

xtal posted:

You trust them with everything else. I think that having the ISP help with this would reduce the amount of people you need to trust.

I trust them to transport encrypted data packages, nothing more. I don't trust the company that wants to sell my usage data.

Proteus Jones
Feb 28, 2013

Lambert posted:

I trust them to transport encrypted data packages, nothing more. I don't trust the company that wants to sell my usage data.

Same. They sure as poo poo don't get to see what my activity is other than "has p2p VPN tunnel from edge device"

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

xtal posted:

You trust them with everything else. I think that having the ISP help with this would reduce the amount of people you need to trust.

I trust them to route my packets. If everything is being carried over TLS, I trust them for essentially nothing else and they can't see the payload anyway. Validating the certificate on the other end is what lets this trustless infrastructure model work, because if something gets hijacked or tampered inline your TLS socket explodes and screams at you. Going to an ssh-like HTTPS implementation assumes you now trust the infrastructure between you and what you are connecting to; good enough for getting on your firewall interface on your own network but you shouldn't be doing that over other peoples' networks unless you know how to handle cert pinning.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

apseudonym posted:

E:

Trust on first use, aka what ssh does, is utterly unscalable and should not be used for the web. It encourages all the wrong behavior -- blind trust, not rotating keys, blindness, it's really not a good way to go

CLAM DOWN posted:

Yeah if we should be doing anything with HTTPS, it's not making it more like SSH.

:shrug: Never said to get rid of the existing PKI infrastructure, just that for simple cases it can be a lot of unnecessary complication.

Site identity authentication is good. Encryption in transit is good. I just think it should be easier to do one without the other if you want.

evil_bunnY
Apr 2, 2003

xtal posted:

You trust them with everything else.
gently caress no I don’t.

BangersInMyKnickers posted:

I trust them to route my packets. If everything is being carried over TLS, I trust them for essentially nothing else and they can't see the payload anyway. Validating the certificate on the other end is what lets this trustless infrastructure model work, because if something gets hijacked or tampered inline your TLS socket explodes and screams at you. Going to an ssh-like HTTPS implementation assumes you now trust the infrastructure between you and what you are connecting to; good enough for getting on your firewall interface on your own network but you shouldn't be doing that over other peoples' networks unless you know how to handle cert pinning.
Essentially this.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
I use AT&T for my ISP. I trust them only in routing me to the right place, nothing further. I don't even trust their provided Gateway, which is why it was replaced with a Ubiquiti.

ISPs are garbage.

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo
For anyone not really understanding why client-side certs issued by the ISP are bad, read this article about North Korea's browser that came installed on their Red Star OS.

https://www.thesslstore.com/blog/ssl-north-korea/

vanity slug
Jul 20, 2010

D. Ebdrup posted:

If you don't know this, that's okay, I'm mostly just quoting you for a reference.
Is there any progress on browsers other than Safari on iOS dropping visual EV cert indication, as happened about a year ago?

Chrome 77 apparently does away with them.

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

Subjunctive posted:

What do you think domain certs actually attest to?

talking about ev, not dv.

i've been around long enough to watch this play out from the primordial beginnings, where having a cert at all was a huge deal and you needed to pay extra for actually secure keys as opposed to export-legal ones. it was originally intended (or at least used) as a verifier of the company and that required third party attestation to who your company was, where their physical address was, hence the dun & bradstreet quip. that flawed model is what EV certs were trying to bring back.

i thought it was lovely that browsers were playing a part in giving bad CAs sales so I'm happy that they are dropping the flair for EV.

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

Harik posted:

you'd think a big company could shell out the grand a year or whatever it is to get an actual D&B check pulled on them instead of the 'can you manipulate a file on the server? cool you're good' standard you get for $100/yr.

i intended something along the lines of a sarcastic quip about the uselessness of ev and what people should expect from a cert, but even knowing what i meant i can't read that in my original message so yeah that's totally my fault for not being clear.

Harik fucked around with this message at 21:07 on Jul 12, 2019

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Harik posted:

i've been around long enough to watch this play out from the primordial beginnings, where having a cert at all was a huge deal and you needed to pay extra for actually secure keys as opposed to export-legal ones. it was originally intended (or at least used) as a verifier of the company and that required third party attestation to who your company was, where their physical address was, hence the dun & bradstreet quip. that flawed model is what EV certs were trying to bring back.

I worked on CA policy at Netscape when that was playing out, and deployed https back when it was still fighting against shttp for dominance, and I don’t recall any corporate identity verification being universally required. I had certificates issued against domains I owned as an individual very early on. Taher was pretty adamant that it be about network identity and not owner identity, so that would have been a weird place to land. Are you thinking of code signing certificates? Many places piggybacked their site certificate acquisition on top of code signing arrangements with those CAs, so I could see there being confusion. (At one point the cert used to authenticate the server could be treated as having signed scripts that were delivered over an SSL channel for purposes of requesting elevated privileges à la Java, which is a transitivity of trust and conflation of endpoint with authorization that...yeah, not great.)

EV exists because people had been taught “lock means the site is good and your friend”, as all security UI and education was focused on network rather than psychological/social attacks, and because the WebTrust audit didn’t provide meaningful oversight. It doesn’t actually solve those problems, but that was the premise under which I and others were lured into the initial CABForum work. MSFT was the biggest source of pressure for EV design and adoption, though I’m certain that they were carrying water from CAs, since they claimed that taking action against misissuance by removing CAs would get them sued “into oblivion”.

Working on PKI policy is a terrible life choice, but I got to death penalty a misbehaving CA so it wasn’t without its moments of satisfaction.

Arsenic Lupin
Apr 12, 2012

This particularly rapid💨 unintelligible 😖patter💁 isn't generally heard🧏‍♂️, and if it is🤔, it doesn't matter💁.


Subjunctive posted:

Working on PKI policy is a terrible life choice, but I got to death penalty a misbehaving CA so it wasn’t without its moments of satisfaction.
God, I'd forgotten shttp. I am oooold. Which CA?

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Diginotar.

PBS
Sep 21, 2015

CommieGIR posted:

I use AT&T for my ISP. I trust them only in routing me to the right place, nothing further. I don't even trust their provided Gateway, which is why it was replaced with a Ubiquiti.

ISPs are garbage.

Did you do the switch bypass, eap proxy, or extract the certs from one of their vulnerable modems?

Internet Explorer
Jun 1, 2005

just lol if you think a cert from a CA means anything

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

PBS posted:

Did you do the switch bypass, eap proxy, or extract the certs from one of their vulnerable modems?

EAP Proxy.

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

Subjunctive posted:

I worked on CA policy at Netscape when that was playing out, and deployed https back when it was still fighting against shttp for dominance, and I don’t recall any corporate identity verification being universally required.
Yeah, it wasn't universally required, it was a CA thing to make theirs somehow more valuable. As you could guess, the number of people who checked which CA signed your cert was near zero. I'm going from distant memory here so it may have been non-export grade key requirement? That poo poo was really stupid back then.
I'll see if I have records in my old archives.

Speaking of export restrictions I had to deal with that in 2017 when some Java thing was idiotically using the jvm crypto that still required the special "I'm not a terrorist or hostile foreign power" file for >48 bit keys.

CLAM DOWN
Feb 13, 2007

Harik posted:

Speaking of export restrictions I had to deal with that in 2017 when some Java thing was idiotically using the jvm crypto that still required the special "I'm not a terrorist or hostile foreign power" file for >48 bit keys.

Lol I remember making a script to deal with that on all our servers at my old company.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Harik posted:

Yeah, it wasn't universally required, it was a CA thing to make theirs somehow more valuable. As you could guess, the number of people who checked which CA signed your cert was near zero. I'm going from distant memory here so it may have been non-export grade key requirement? That poo poo was really stupid back then.
I'll see if I have records in my old archives.

I definitely don’t have my archives (after you get your email subpoenaed once you start to get more aggressive with document non-retention), and my former co-worker who would know for sure says I owe him a bottle of booze for even asking about CA bullshit, so I’m tapped out.

Getting the crypto export restrictions lifted for open source in 1999 was a joy, and heady political stuff for 22-year-old me, especially the part where we had to notify the relevant agency about every time a change to something “cryptographically relevant” was published. Via postal mail or fax.

:kiddo: “What is cryptographically relevant, exactly?”
:nono: “We will evaluate that case by case.”
:kiddo: “Welp, ok then.”

After a couple of months of getting all the Mozilla diffs printed and mailed to them weekly, they agreed that we only had to do crypto implementation code and quarterly was fine. I remember being terrified that I would forget a diff and get us in serious trouble, but we learned later that they just skimmed through it, recorded that we’d sent something, and then filed it under “whatever”. (They did ask some questions when one batch had a Canadian postmark on it but a US return address, but everything was sorted out.)

Potato Salad
Oct 23, 2014

nobody cares


Harik posted:

idiotically using the jvm crypto that still required the special "I'm not a terrorist or hostile foreign power" file for >48 bit keys

:bang:

xtal
Jan 9, 2011

by Fluffdaddy

Subjunctive posted:

I definitely don’t have my archives (after you get your email subpoenaed once you start to get more aggressive with document non-retention), and my former co-worker who would know for sure says I owe him a bottle of booze for even asking about CA bullshit, so I’m tapped out.

Getting the crypto export restrictions lifted for open source in 1999 was a joy, and heady political stuff for 22-year-old me, especially the part where we had to notify the relevant agency about every time a change to something “cryptographically relevant” was published. Via postal mail or fax.

:kiddo: “What is cryptographically relevant, exactly?”
:nono: “We will evaluate that case by case.”
:kiddo: “Welp, ok then.”

After a couple of months of getting all the Mozilla diffs printed and mailed to them weekly, they agreed that we only had to do crypto implementation code and quarterly was fine. I remember being terrified that I would forget a diff and get us in serious trouble, but we learned later that they just skimmed through it, recorded that we’d sent something, and then filed it under “whatever”. (They did ask some questions when one batch had a Canadian postmark on it but a US return address, but everything was sorted out.)

I'm surprised and happy that you worked on this in 1999 and haven't died of whisky since then

Soricidus
Oct 21, 2010
freedom-hating statist shill

Harik posted:

Speaking of export restrictions I had to deal with that in 2017 when some Java thing was idiotically using the jvm crypto that still required the special "I'm not a terrorist or hostile foreign power" file for >48 bit keys.

they've only just recently stopped requiring this file for >128-bit keys, because i guess there was a really good reason why they needed to prevent the bad guys from using aes-256 but aes-128 was fine? probably the alien supercomputer the nsa was using to break aes-128 ran out of neutron batteries, or one of the bad guys finally figured out how to find the right file on oracle.com.

used to be a right loving pain though because we needed to interoperate with systems that only used aes-256.
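The JCE "unlimited strength" policy file that Harik, CLAM DOWN and Soricidus describe is still worth checking for on older JVMs in a fleet. As an added example, not code from the thread or from any poster, this Java class reports what the installed policy allows and probes an AES-256 cipher initialisation directly, exiting non-zero so a config-management or cron check can flag a capped host; the class name is this example's own and the test key is a constructed placeholder.

```java
// Added example (not from the thread): detect a JVM still capped by the
// "limited" JCE policy before an application hits "Illegal key size" at runtime.
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public final class JcePolicyCheck {

    /** Maximum AES key length the installed policy permits; Integer.MAX_VALUE means unlimited. */
    static int maxAesKeyBits() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    /** True when AES-256 is permitted, i.e. the "interoperate with AES-256-only systems" case works. */
    static boolean aes256Allowed() throws NoSuchAlgorithmException {
        return maxAesKeyBits() >= 256;
    }

    /**
     * Belt and braces: actually initialise an AES-256 cipher with a constructed all-zero key.
     * On a limited-policy JVM this is the classic InvalidKeyException ("Illegal key size").
     * The key is a fixed placeholder for the capability probe only and never protects data.
     */
    static boolean probeAes256() {
        try {
            byte[] testKey = new byte[32];               // 256 bits, constructed, all zero
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(testKey, "AES"));  // IV is generated for us
            return true;
        } catch (GeneralSecurityException e) {          // InvalidKeyException is the interesting one
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // "crypto.policy" in java.security (8u151+ and 9+) selects "limited" or "unlimited";
        // older JVMs relied on the downloaded policy jars instead and report null here.
        String policy = Security.getProperty("crypto.policy");
        System.out.println("java.version     = " + System.getProperty("java.version"));
        System.out.println("crypto.policy    = " + (policy == null ? "(not set; policy-jar era JVM)" : policy));
        System.out.println("max AES key bits = " + maxAesKeyBits());
        System.out.println("AES-256 init     = " + (probeAes256() ? "ok" : "REJECTED (limited policy)"));
        System.exit(aes256Allowed() && probeAes256() ? 0 : 1);
    }
}
```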

Its Coke
Oct 29, 2018
What's the best way to encrypt a thumb drive?

xtal
Jan 9, 2011

by Fluffdaddy

Its Coke posted:

What's the best way to encrypt a thumb drive?

It depends on which OSes you're going to use it with. TrueCrypt or its successor is probably the best compromise of portability, security and ergonomics. Other options worth investigating are LUKS (block-level encryption for Linux only) or formatting the drive as exFAT and storing AES-encrypted blobs on it (file-level encryption that will be supported everywhere.)

xtal fucked around with this message at 03:45 on Jul 14, 2019

Rufus Ping
Dec 27, 2006

I'm a Friend of Rodney Nano

Its Coke posted:

What's the best way to encrypt a thumb drive?

If you don't need it to work with different operating systems, use whatever the default method is that your OS offers. For Windows this will be Bitlocker and for Linux it will use LUKS.

BlankSystemDaemon
Mar 13, 2009



GBDE in FreeBSD can do steganography in binary data so you can have a copy of your kernel file which opened with one key is a filesystem that's transparently decrypted and encrypted and when opened with another key becomes blackened (i.e. the system acknowledges the key, but then wipes the keyfile that the passphrase unlocks).

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib

xtal posted:

It depends on which OSes you're going to use it with. TrueCrypt or its successor is probably the best compromise of portability, security and ergonomics. Other options worth investigating are LUKS (block-level encryption for Linux only) or formatting the drive as exFAT and storing AES-encrypted blobs on it (file-level encryption that will be supported everywhere.)

Do not use TrueCrypt, it's been out of development forever. VeraCrypt is the successor.

Its Coke posted:

What's the best way to encrypt a thumb drive?

If you're on Windows, use Bitlocker (built-in encryption functionality Windows has).

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

Subjunctive posted:

I definitely don’t have my archives (after you get your email subpoenaed once you start to get more aggressive with document non-retention), and my former co-worker who would know for sure says I owe him a bottle of booze for even asking about CA bullshit, so I’m tapped out.

Getting the crypto export restrictions lifted for open source in 1999 was a joy, and heady political stuff for 22-year-old me, especially the part where we had to notify the relevant agency about every time a change to something “cryptographically relevant” was published. Via postal mail or fax.
I understand why (subpoenas suck) but man I'd be pissed if I lost history. My memory has always been dogshit so if I don't have something recorded somewhere it might as well have never happened, hence the really fuzzy recollection of early CA policies.

Unfortunately I don't have anything relevant aside from we were using Thawte before verisign bought them in '99 and apparently got rejected for a Verisign certificate at renewal time because we were using apache mod_ssl and not IIS or their Stronghold server.

I know we were using Thawte by '99 for 128-bit keys because foreigners had better security than anyone in the US was allowed without crazy hoops - so that's probably why we had to submit D&B to somebody mid-90s.

As an aside: remember when email wasn't 100% spam (with non-spam being a rounding error) and people actually used it to communicate? I read and responded to more emails in a day back then than I do in six months now.

e: I mean to get a cert for >1024bit RSA keys back then. 128-bit restriction was on the ephemeral session key that had to have the first 72 bits set to a known value to make it easier to crack unless you had special permission to use encryption stronger than rot13. This is fuzzy and handwavy because the details were too stupid to stick in my brain 20 years later, so feel free to expand on it but don't think it's some gotcha that I don't remember exactly in which way the US was braindead then.

Harik fucked around with this message at 17:47 on Jul 14, 2019

Arsenic Lupin
Apr 12, 2012

This particularly rapid💨 unintelligible 😖patter💁 isn't generally heard🧏‍♂️, and if it is🤔, it doesn't matter💁.


Harik posted:

Unfortunately I don't have anything relevant aside from we were using Thawte before verisign bought them in '99 and apparently got rejected for a Verisign certificate at renewal time because we were using apache mod_ssl and not IIS or their Stronghold server.

I know we were using Thawte by '99 for 128-bit keys because foreigners had better security than anyone in the US was allowed without crazy hoops - so that's probably why we had to submit D&B to somebody mid-90s.
Wow, what dickheads.

I still use email to communicate; the combination of pobox.com's spam filtering and Gmail's actually catches most of the spam. Email is how I keep in touch with my friends.

fyallm
Feb 27, 2007



College Slice
What internal collaboration application do you guys use to communicate with other members of your security team? I got asked to evaluate some products but it seems like everything is poo poo. Currently I was asked to choose between: Slack, Wire, WhatsApp and Microsoft Teams ...

xtal
Jan 9, 2011

by Fluffdaddy

fyallm posted:

What internal collaboration application do you guys use to communicate with other members of your security team? I got asked to evaluate some products but it seems like everything is poo poo. Currently I was asked to choose between: Slack, Wire, WhatsApp and Microsoft Teams ...

Everybody uses Slack, but not because that's a good option, it's actually a terrible option. I would recommend riot.im which is used by the French government. It has end-to-end encryption, better uptime and fewer bugs than Slack, and won't inevitably lead to a massive data breach.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

Lambert posted:

Do not use TrueCrypt, it's been out of development forever. VeraCrypt is the successor.

Veracrypt gets my vote for USB drive encryption. Cross platform, extensively documented, works perfectly and exactly how you'd expect, and no need to trust that Microsoft knows what they're doing.

SlowBloke
Aug 14, 2017

fyallm posted:

What internal collaboration application do you guys use to communicate with other members of your security team? I got asked to evaluate some products but it seems like everything is poo poo. Currently I was asked to choose between: Slack, Wire, WhatsApp and Microsoft Teams ...

WhatsApp message delivery is somewhat spotty in my area; I would suggest Slack or Teams depending on availability of Office 365 (if you have it you should go Teams).

CLAM DOWN
Feb 13, 2007

fyallm posted:

What internal collaboration application do you guys use to communicate with other members of your security team? I got asked to evaluate some products but it seems like everything is poo poo. Currently I was asked to choose between: Slack, Wire, WhatsApp and Microsoft Teams ...

Teams. It's good. Better than slack imo. Don't use WhatsApp, you have absolutely no control or oversight, and depending on your company/location it can violate data sovereignty laws.

fyallm
Feb 27, 2007



College Slice
We have O365 but for some reason the beta of Teams at our place doesn't have a mobile option? Wtf? No phone app?

Whatsapp was thrown in due to our coworkers overseas but seemed like a bad idea.


Has anyone ever tried wire?

I'll have to figure out what is going on with our teams rollout..

I'll also look into ripple.im, thanks everyone!

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop
Server Gated Cryptography is the bullshit I couldn't remember because of how stupid an idea it was.

Ok so that's what I'm remembering about 128-bit keys: browsers without a domestic license could use 3DES (112) or AES-128 for the actual encryption but they had prefix keys with a known pattern to limit the keyspace. If they connected to a server with the SGC flag set you were allowed to use full-size keys even if you were a dirty foreigner.

The reason the CA crawled up your rear end with a flashlight for a SGC cert was the legislation allowed very limited exceptions to the 'no strong encryption' laws and you had to prove you qualified for one.

So no, normal domain validation didn't require a Dun & Bradstreet check, so your personal domain would be trivial to get a weak cert for, and anyone in the US or who made the trivial patch to netscape got full strength encryption connecting to it anyway. Running e-commerce DID require it unless you didn't actually give a poo poo about your customers. Sedative, does this jibe with your memory of how this all played out?

e: replaced globalsign link with wikipedia.

Harik fucked around with this message at 21:59 on Jul 14, 2019
