Post AGwtngr1IQMATtwLD6 by jch@don.bitma.st
 (DIR) Post #AGw5WxjnSjrwWDsy3s by Hyolobrika@mstdn.io
       2022-02-28T12:51:36Z
       
       0 likes, 2 repeats
       
       I wonder how possible it would be to save SSL signatures from websites and use them to verify archives without any need to trust a centralised archival site such as https://archive.today or https://web.archive.org? Am I completely misunderstanding how SSL works?

       Relevant previous post: https://owlper.ch/notice/AGiTtNGF3m8Sl7TW7c
       
 (DIR) Post #AGw6JrLA2Jiwrpg6bo by dhfir@expired.mentality.rip
       2022-02-28T13:00:27.648942Z
       
       0 likes, 0 repeats
       
       @Hyolobrika this presumes the site has https, and wouldn't work for http-only sites, but probably?
       
 (DIR) Post #AGw6KC8ohPKNNd42me by jch@don.bitma.st
       2022-02-28T12:54:24Z
       
       0 likes, 0 repeats
       
       @Hyolobrika I believe this is what WARC is for: https://blog.pagefreezer.com/what-is-warc-and-why-is-it-important
       
 (DIR) Post #AGwEI4HjjiKa4KjWoC by Moon@shitposter.club
       2022-02-28T14:29:46.207119Z
       
       0 likes, 0 repeats
       
       @Hyolobrika No, session keys used for encryption are changed frequently.
       
 (DIR) Post #AGwarpjlV5saMkIpm4 by Hyolobrika@mstdn.io
       2022-02-28T18:42:43Z
       
       0 likes, 0 repeats
       
       @Moon But surely there is a master key for each website that's used to agree on the session keys? Couldn't one save both?
       
 (DIR) Post #AGwayybwuDqlun3Lay by Hyolobrika@mstdn.io
       2022-02-28T18:44:01Z
       
       0 likes, 0 repeats
       
       @jch Are WARC signatures from the site itself? Do they verify that the owner of the site has vouched for them, or just that the random person who signed the archive has vouched for them?
       
 (DIR) Post #AGwbIORd56zVXRU6fQ by Moon@shitposter.club
       2022-02-28T18:47:33.035163Z
       
       0 likes, 0 repeats
       
       @Hyolobrika every website has one or more certificates that are signed by a third party certificate authority that your browser trusts. Sometimes even those are not long-lived though, for example sites that use LetsEncrypt for their certificates only keep the same certificate for weeks and then request a new one.

       Basically there is no direct trust line between your browser and a website, except in some specific cases.
       
 (DIR) Post #AGwbSfFxQl9IZhvHPc by Moon@shitposter.club
       2022-02-28T18:49:24.419763Z
       
       0 likes, 0 repeats
       
       @Hyolobrika to clarify, sites usually have one or more private keys that they don't rotate, and they could use that to sign something to say it only came from that site, but the current system with browsers doesn't have any functionality like that, it would have to be added on and it would probably incorporate trusting one or more browser CAs.
       
 (DIR) Post #AGwbYDwjshljc0aIr2 by Hyolobrika@mstdn.io
       2022-02-28T18:50:24Z
       
       0 likes, 0 repeats
       
       @Moon Does this mean that there is a keypair for each website, just one that is signed or otherwise approved by a certificate authority?
       
 (DIR) Post #AGwbfcPHKwjXV9SYvQ by Hyolobrika@mstdn.io
       2022-02-28T18:51:43Z
       
       0 likes, 0 repeats
       
       @Moon Could it be added on unilaterally by whoever makes the archival format/tools?
       
 (DIR) Post #AGwbiKjzTV7ja2RTX6 by Moon@shitposter.club
       2022-02-28T18:52:14.321662Z
       
       0 likes, 0 repeats
       
       @Hyolobrika there's nothing stopping a site from having many keys, sometimes for example there are multiple servers in different regions that have different keys that serve the same website. But yes, they all have to be signed by a certificate authority to be honored by your browser, unless you go through the terrible process of trusting a self-signed certificate or adding a different CA that signed it.
       
 (DIR) Post #AGwbntYZSRyx0Wkj8C by Moon@shitposter.club
       2022-02-28T18:53:14.604708Z
       
       0 likes, 0 repeats
       
       @Hyolobrika you would have to trust the archive tool, it would be signing it with its key.
       
 (DIR) Post #AGwcDRLYxolJ2sqhlo by Moon@shitposter.club
       2022-02-28T18:57:50.312736Z
       
       1 likes, 0 repeats
       
       @Hyolobrika so like, there are different and sometimes better ways to handle how certificates for websites could be done, but there is incredible friction keeping things the way they are. Security experts hate it but we're all stuck with it.

       Alternate systems include things like, multiple sites that constantly poll public websites and keep track of certificates seen on those sites, you could for example make your browser trust a certificate if three independent oracles saw that same certificate you got. Another system is just, trusting the first certificate from the site that you have ever seen, and warning the user if it changes (it's called TOFU or Trust On First Use, some people consider it superior) and of course you could use multiple things like this in combination for more trust.

       Another thing I have considered is, someday, you go to your bank and you tap your cellphone on a panel in the bank. Then when you go home, you access your bank website, it checks for a trusted certificate. It asks your phone, finds a securely-transferred certificate on it from when you physically went to the bank, and then trusts the website.
       
 (DIR) Post #AGwcGOkj46cprv1stk by Hyolobrika@mstdn.io
       2022-02-28T18:58:22Z
       
       0 likes, 0 repeats
       
       @Moon So, would it be possible to save everything necessary to verify the website, including whatever the CA provides, the cert, the key for whatever server is serving it at the moment, the session keys, etc? Basically, I want a file that has the same level and nature of trust as just accessing the original website over HTTPS.
       
 (DIR) Post #AGwcSbTtZBxUovydGK by Hyolobrika@mstdn.io
       2022-02-28T19:00:35Z
       
       0 likes, 0 repeats
       
       @Moon Why?
       
 (DIR) Post #AGwceWWbosEKvLvjai by Moon@shitposter.club
       2022-02-28T19:02:45.160082Z
       
       0 likes, 0 repeats
       
       @Hyolobrika keys actually used in the connection are secret and temporary and if you kept them around an attacker could get them and use them to decrypt a previous secure session you made to a site. In some cases this could also compromise security of future connections to the site (there's a fix for that but it's not universally in place yet)

       Something someday that could be done is:
       1. you are served a file over HTTPS.
       2. There is a long-lived private key on the site that signs the http content
       3. provides that signature over the HTTPS connection as a header along with the data

       There are already server extensions that can do this using a PGP key.
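       Added example (not from this thread, and not any real server extension) of the three-step scheme sketched in the post above: the origin signs the content with a long-lived key, the signature travels as a header next to the body, and an archived copy can be checked later without any TLS session material and without trusting the archiver. The record layout, the header name and the URL binding are my assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
)

// ArchiveRecord is a constructed record layout (an assumption, not WARC):
// URL, body, the signature header the origin sent, and the origin's key.
type ArchiveRecord struct {
	URL       string
	Body      []byte
	SigHeader string            // value of a hypothetical Content-Signature header
	OriginPub ed25519.PublicKey // the origin's long-lived public key
}

// NewOriginKey generates the origin's long-lived signing key pair.
func NewOriginKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedMessage binds the signature to the URL as well as the body, so a
// signature for one page cannot be presented as proof for another page.
func signedMessage(url string, body []byte) []byte {
	h := sha256.New()
	h.Write([]byte(url))
	h.Write([]byte{0}) // separator: keeps the url/body boundary unambiguous
	h.Write(body)
	return h.Sum(nil)
}

// SignContent is the origin's side: sign with the long-lived key and
// send the signature as a header value alongside the body.
func SignContent(priv ed25519.PrivateKey, url string, body []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signedMessage(url, body)))
}

// Verify is what anyone holding the archive can do later: check the origin's
// own signature over the stored body, with no session keys and no archiver trust.
func Verify(rec ArchiveRecord) bool {
	sig, err := base64.StdEncoding.DecodeString(rec.SigHeader)
	if err != nil || len(rec.OriginPub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(rec.OriginPub, signedMessage(rec.URL, rec.Body), sig)
}
```

       Note that this only proves the origin signed that body at some point; it says nothing about when, which is the timestamp gap mentioned later in the thread.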
       
 (DIR) Post #AGwcyugZhTFTeIJXc0 by Moon@shitposter.club
       2022-02-28T19:06:26.434790Z
       
       0 likes, 0 repeats
       
       @Hyolobrika I guess an archive tool could store all the connection information and make it available publicly for public links. That site would have to keep around everything for every connection though. I am not sure things like a secure timestamp would be included either.

       You wouldn't want to do this for private information or any case where the server is reusing ephemeral keys.
       
 (DIR) Post #AGwh91ignmduB3NhBI by Hyolobrika@mstdn.io
       2022-02-28T19:52:35Z
       
       0 likes, 0 repeats
       
       @Moon
       >keys actually used in the connection are secret and temporary and ...
       that makes sense actually. the session keys are symmetric, I assume
       >Something someday that could be done is: ...
       That's what I thought might be already the case
       >There are already server extensions that can do this using a PGP key.
       Such as? Are there tools that can work with them and archival sites that support them?
       
 (DIR) Post #AGwtngr1IQMATtwLD6 by jch@don.bitma.st
       2022-02-28T22:14:53Z
       
       0 likes, 0 repeats
       
       @Hyolobrika I believe it just verifies that it was downloaded with valid TLS certificates at the time of archiving and acts as a sort of checksum for the archive of the site. I only skimmed that link I sent you.