ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Do we need to secure our keyservers against kind of DoS Attacks

2009-02-01 18:26:45
from [Christoph Anton Mitterer] [Permanent Link] 
Hi Daniel.

On Sun, 2009-02-01 at 16:25 -0500, Daniel Kahn Gillmor wrote:

In addition to an active attacker modifying the communication, queries
to keyservers are also potentially information leaks -- anyone simply
observing the query knows something about who your contacts are.

Excellent point.



Are there currently working means to prevent this?

Yes there are!  Back in November i set up nginx on
zimmermann.mayfirst.org (a member of the sks-keyservers pool) to
provide
an HTTPS link to the keyserver.  Access to that keyserver can then be
done by running hkp over TLS.  While the OpenPGP tool i was using
(gpg)
didn't seem to be able to handle such a TLS-wrapped link natively, i
was
able to approximate it with a client-side proxy using socat:

  https://lists.riseup.net/www/arc/monkeysphere/2008-11/msg00046.html

This sounds nice =)


Because TLS offers mutual authentication, message integrity, and
privacy, this can potentially defend against every kind of active
attack
except for a full DoS (which an active attacker who can modify your
network traffic can execute no matter what anyway) (and could also be
used to limit queries to your keyserver to particular users, if you so
desired).

Of course,...



But wait, you say, I don't want to have to use X.509 certificates
along
with TLS!  Well, i don't either.  RFC 5081 provides for TLS to use
OpenPGP certificates for either party in the communication.  This
removes the need for X.509, while retaining all the benefits of TLS.

Even better :-) Which RFC5018 have you used?



So: Is this scheme fully implemented and easy-to-use yet?  No.  But
the
pieces are there, and it's already been assembled piecemeal with
currently-available tools.  If you are interested, or manage to push
it
further, i'd be very happy to hear about your progress.

Well my time's limited ^^...
I had hoped to get somehow in contact with the keyserver software
developers,..

The keyservers should also communicate secured with each other,.. in you
setup there's still the (of course very small) chance that the secure
keyserver (e.g. your's) is already attacked and doesn't get the full
data during its synchronisation with the others,... and I suppose most
people use one of the "big/wellknown" keyservers when submitting their
keys.

And as you've said, one important point would be client support...
The average user probably don't want to set up socat or any similar
proxy.


Best wishes,
-- 
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph(_dot_)anton(_dot_)mitterer(_at_)physik(_dot_)uni-muenchen(_dot_)de
mail(_at_)christoph(_dot_)anton(_dot_)mitterer(_dot_)name

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Do we need to secure our keyservers against kind of DoS Attacks, Daniel Kahn Gillmor
Next by Date:  Re: Series of minor questions about OpenPGP 6, Peter Thomas
Previous by Thread:  Re: Do we need to secure our keyservers against kind of DoS Attacks, Daniel Kahn Gillmor
Next by Thread:  Re: Do we need to secure our keyservers against kind of DoS Attacks, John Clizbe
Indexes:  [Date] [Thread] [Top] [All Lists]