Post AcrdbNt7PajdmFowYy by mjg59@nondeterministic.computer
Post #Acr2npSt0j4WTbcbey by mjg59@nondeterministic.computer
2023-12-16T03:32:08Z
0 likes, 0 repeats
Ok! https://github.com/mjg59/openssh-portable/commit/5480e3034010aaf061acec51e36d0916c1d7b83f is a hacky first pass at allowing TOFU for SSH certificate CAs rather than the host keys themselves. This means that an admin can update the host keys on a server by simply issuing a new certificate for the new key, rather than jumping through the key update protocol. This only adds the CA for the specific hostname, so assuming the CA private key is at least as well protected as the host key this shouldn't be a net reduction in security?
Post #Acr2wB4gYBV3oYHar2 by mjg59@nondeterministic.computer
2023-12-16T03:33:32Z
0 likes, 0 repeats
You can test this by simply sshing to a server that has a certificate but isn't currently in your known_hosts - saying "yes" should result in the CA key being written to known_hosts instead of the host key. If you create new host keys and sign them with the same CA key, you should be able to reconnect without warnings.
Post #Acr3xN3Pb2ULDBotpA by mjg59@nondeterministic.computer
2023-12-16T03:45:17Z
0 likes, 0 repeats
The rather more difficult part of this is that if you've had a key compromised then you need to revoke the cert, and this doesn't handle that (somewhat more complicated) side of things. So, uh, some more work to do.
Post #Acr5pNXY6ZxKJLEWIa by mjg59@nondeterministic.computer
2023-12-16T04:05:57Z
0 likes, 0 repeats
I think the "right" answer here is for a server to be able to provide a signed key revocation list during handshake and then have that extend the local revoked host list if it's signed by a CA trusted for that hostname?
Post #Acr60OorgmdLSpaUc4 by drsbaitso@infosec.exchange
2023-12-16T04:06:35Z
0 likes, 0 repeats
@mjg59 So to put it another way, you're essentially adding standard certificate rotation support and tiered PKI to OpenSSH? I do not mean this in a negative way. Much of Linux's nuts and bolts are terra incognita for me.
Post #Acr6BT840RbG11qVmK by mjg59@nondeterministic.computer
2023-12-16T04:09:05Z
0 likes, 0 repeats
@drsbaitso Oh gosh no, no tiered PKI, the certificate format doesn't support chaining.
Post #Acr6fBNgYca1etJzrU by drsbaitso@infosec.exchange
2023-12-16T04:15:40Z
0 likes, 0 repeats
@mjg59 Huh. My day job is PKI admin for Windows/Active Directory and web servers, and I'll be honest that the little bit I have to interact with my friends on the Linux teams leaves me scratching my head. Linux systems handle certs in a way that feels like it was designed in the 70s/80s with some minor updates in the 90s and then just left there.
Post #Acr9Br7x55sqJ6faym by drsbaitso@infosec.exchange
2023-12-16T04:43:43Z
0 likes, 0 repeats
@mjg59 @lilstevie My brother in security, you are literally just reinventing internal/private PKI.
Post #Acr9Ng0WFaTRIJpVey by mjg59@nondeterministic.computer
2023-12-16T04:45:30Z
0 likes, 0 repeats
@drsbaitso @lilstevie OpenSSH has explicitly rejected X.509-based approaches because the degree of complexity adds little to the SSH security model but parsing ASN.1 is just fucking awful.
Post #AcrH4nJRfH7q5BBoX2 by alwayscurious@infosec.exchange
2023-12-16T06:12:02Z
0 likes, 0 repeats
@mjg59 @drsbaitso @lilstevie ASN.1 can be parsed safely in C but doing so is a total nightmare.
Post #Acra3tcccTu6URRcaO by dymaxion@infosec.exchange
2023-12-16T09:44:58Z
0 likes, 0 repeats
@mjg59 Oh damn — it would be really nice to be able to use an offline root with this. Still cool, though! @drsbaitso
Post #AcrdbLPGdbfW55q4ky by SpaceLifeForm@infosec.exchange
2023-12-16T05:33:28Z
0 likes, 0 repeats
@drsbaitso @mjg59 If it is not broke, don't fix it.
Post #AcrdbMJzEj2Sv0NNAG by dngrs@chaos.social
2023-12-16T10:04:45Z
0 likes, 0 repeats
@SpaceLifeForm @drsbaitso @mjg59 ever worked with, say, PEM files on a source code level? It's an absolute nightmare and the entire infrastructure around ASN.1, openssl etc """"works"""" but after seeing how it's all duct taped together under the hood I'm not surprised at all when another CVE comes around. (This is not an endorsement of how MS does things, I have zero experience there, but "even more unpleasant" would be a really high bar to clear)
Post #AcrdbN9k8IRHVWahpw by drsbaitso@infosec.exchange
2023-12-16T10:16:52Z
0 likes, 0 repeats
@dngrs @SpaceLifeForm @mjg59 Yea, I support PKI for a major American retailer. I'm not on the application programming level myself, but I support all the folks who are. And many, many folks start from "Okay, Security said I gotta have a certificate for this. What do I do now?" On the MS side, Active Directory, ADCS, and GPOs make it Just Work™️ once you've got it set up. Every user and device in my domain automatically has a valid certificate when they log in. And that cert can authenticate and encrypt the RDP or PSR traffic automatically. It does take a lot of work and knowledge to get to that point, but the day-to-day maintenance is very, very low. I do have a saying: "Every day I don't have to run OpenSSL is a good day." I'm not joking when I say that.
Post #AcrdbNt7PajdmFowYy by mjg59@nondeterministic.computer
2023-12-16T10:24:15Z
0 likes, 0 repeats
@drsbaitso @dngrs @SpaceLifeForm My job is developing certification authorities for devices based on hardware identity separate from any AD stuff that works for Windows, Mac, and Linux - it's part of both our corporate security and our product security (want to make sure the trucks are in the correct configuration before they're allowed to operate autonomously!). I'm very familiar with what the market provides and what the shortcomings of AD are.
Post #AcrgXa6qKZbCNx7PEW by raito@nixos.paris
2023-12-16T10:55:20Z
0 likes, 0 repeats
@mjg59 neat, any chance you think that upstream would accept this change?
Post #AcrhjMLBRqrR6z0RcG by mjg59@nondeterministic.computer
2023-12-16T11:10:08Z
0 likes, 0 repeats
@raito I will finish writing it and we will find out
Post #AcrnHcwOjcrODGZXua by wamserma@hachyderm.io
2023-12-16T12:13:10Z
0 likes, 0 repeats
@mjg59 Rolling out CRL updates to each server is a pain. I'd rather have short lived certs per server.
Post #AcrngPmcn9Iie2owZE by mjg59@nondeterministic.computer
2023-12-16T12:17:45Z
0 likes, 0 repeats
@wamserma It pretty much depends on your threat model but yes short lived certs also make this work
Post #Acrnp2RsuzbAseER16 by mjg59@nondeterministic.computer
2023-12-16T12:18:11Z
0 likes, 0 repeats
@wamserma (the hard part is figuring out what the correct default client policy should be)
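To make the client-policy question concrete, here is an added example (my own code, not from mjg59's openssh-portable branch and not OpenSSH's implementation) that models the checks a client makes once known_hosts holds a CA rather than a host key: the `@cert-authority` line the patch records on "yes", scoped to the one hostname; the `@revoked` marker that stands in for the revocation side mjg59 says is still unhandled; and the validity window that the short-lived-certificate alternative relies on. The certificate blob layout follows OpenSSH's PROTOCOL.certkeys, but the keys, hostnames, timestamps and the signature field are constructed placeholders, and signature verification is assumed to be done by ssh itself, so it is out of scope here. All function names are mine.

```python
"""Client trust decision for an OpenSSH host certificate against a known_hosts
file with @cert-authority / @revoked markers. Added example, not code from
mjg59's branch or OpenSSH; the blob layout follows PROTOCOL.certkeys but the
keys, hostnames and the signature field are constructed placeholders (the
signature is assumed to be verified by ssh itself, out of scope here)."""
import base64, fnmatch, struct

CERT_TYPE, KEY_TYPE, SSH_CERT_TYPE_HOST = b"ssh-ed25519-cert-v01@openssh.com", b"ssh-ed25519", 2

def _s(b): return struct.pack(">I", len(b)) + b           # SSH "string": u32 length + bytes
def _u32(n): return struct.pack(">I", n)
def _u64(n): return struct.pack(">Q", n)
def wire_pubkey(raw32): return _s(KEY_TYPE) + _s(raw32)  # payload behind "ssh-ed25519 <b64>"

def build_host_cert(host_raw, ca_raw, principals, valid_after, valid_before, serial=1):
    """Constructed certificate; 'dummy-signature' stands in for the CA's signature."""
    return (_s(CERT_TYPE) + _s(b"\x00" * 32) + _s(host_raw) + _u64(serial)
            + _u32(SSH_CERT_TYPE_HOST) + _s(b"example-host-cert")
            + _s(b"".join(_s(p.encode()) for p in principals))
            + _u64(valid_after) + _u64(valid_before)
            + _s(b"") + _s(b"") + _s(b"")                  # critical options, extensions, reserved
            + _s(wire_pubkey(ca_raw)) + _s(b"dummy-signature"))

class _Reader:
    def __init__(self, buf): self.buf, self.pos = buf, 0
    def u32(self): (v,) = struct.unpack_from(">I", self.buf, self.pos); self.pos += 4; return v
    def u64(self): (v,) = struct.unpack_from(">Q", self.buf, self.pos); self.pos += 8; return v
    def string(self): n = self.u32(); v = self.buf[self.pos:self.pos + n]; self.pos += n; return v

def parse_host_cert(blob):
    """Decode only the fields the trust decision needs."""
    r = _Reader(blob); cert = {"type": r.string()}
    r.string()                                            # nonce
    cert["host_key"] = wire_pubkey(r.string())
    cert["serial"], cert["cert_type"], cert["key_id"] = r.u64(), r.u32(), r.string().decode()
    pr, cert["principals"] = _Reader(r.string()), []
    while pr.pos < len(pr.buf):
        cert["principals"].append(pr.string().decode())
    cert["valid_after"], cert["valid_before"] = r.u64(), r.u64()
    r.string(); r.string(); r.string()                    # critical options, extensions, reserved
    cert["ca_key"], cert["signature"] = r.string(), r.string()  # signature key is already wire form
    return cert

def parse_known_hosts(text):
    """Return (marker, [host patterns], wire key bytes) per non-comment line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else None
        entries.append((marker, parts[0].split(","), base64.b64decode(parts[2])))
    return entries

def _host_matches(patterns, host):
    # known_hosts semantics: a matching '!' pattern excludes the line outright
    if any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(not p.startswith("!") and fnmatch.fnmatchcase(host, p) for p in patterns)

def evaluate(host, cert_blob, known_hosts_text, now):
    """Verdict a client reaches before (or instead of) a TOFU prompt."""
    cert, entries = parse_host_cert(cert_blob), parse_known_hosts(known_hosts_text)
    if cert["cert_type"] != SSH_CERT_TYPE_HOST:
        return "reject: not a host certificate"
    for marker, pats, key in entries:                     # revocation is checked first
        if marker == "@revoked" and _host_matches(pats, host) and key in (cert["ca_key"], cert["host_key"]):
            return "reject: revoked key"
    if not (cert["valid_after"] <= now < cert["valid_before"]):
        return "reject: outside validity window"          # what short-lived certs rely on
    if host not in cert["principals"]:
        return "reject: hostname not in principals"
    for marker, pats, key in entries:
        if marker == "@cert-authority" and _host_matches(pats, host) and key == cert["ca_key"]:
            return "trusted: signed by a CA recorded for this host"
    return "unknown: TOFU prompt"

def tofu_line(host, cert_blob):
    """known_hosts line the patch records on 'yes': the CA key, scoped to this one host."""
    ca = parse_host_cert(cert_blob)["ca_key"]
    return f"@cert-authority {host} {KEY_TYPE.decode()} {base64.b64encode(ca).decode()}"

# Constructed sample data: 32-byte stand-ins for real Ed25519 keys, times near the thread's date.
CA_RAW, HOST_RAW, NOW = bytes(range(32)), bytes(range(100, 132)), 1_702_700_000
CERT = build_host_cert(HOST_RAW, CA_RAW, ["bastion.example.com"], NOW - 3600, NOW + 3600)
ROTATED = build_host_cert(bytes(32), CA_RAW, ["bastion.example.com"], NOW - 60, NOW + 600, serial=2)
KNOWN_HOSTS_EMPTY = "# nothing recorded yet\n"
KNOWN_HOSTS_TRUST = tofu_line("bastion.example.com", CERT) + "\n"
KNOWN_HOSTS_REVOKED = KNOWN_HOSTS_TRUST + "@revoked * ssh-ed25519 " + base64.b64encode(wire_pubkey(CA_RAW)).decode() + "\n"

if __name__ == "__main__":
    for label, kh in [("empty", KNOWN_HOSTS_EMPTY), ("after TOFU", KNOWN_HOSTS_TRUST), ("revoked", KNOWN_HOSTS_REVOKED)]:
        print(f"{label:>10}: {evaluate('bastion.example.com', CERT, kh, NOW)}")
    print(f"   rotated: {evaluate('bastion.example.com', ROTATED, KNOWN_HOSTS_TRUST, NOW)}")
```

Running it walks the thread's scenario: an empty known_hosts yields the TOFU prompt; after the `@cert-authority` line is written, a fresh host key signed by the same CA (`ROTATED`) is accepted with no prompt, which is the rotation benefit mjg59 describes; an `@revoked` entry for the CA refuses the connection regardless of the certificate; and moving the clock past `valid_before` shows how short-lived certificates bound the damage without any revocation distribution. The revocation check runs before everything else, because a certificate that passes every other test is exactly the case a compromised key would present.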
Post #AcsMjsTo3IJKuTPBQ0 by QuatermassTools@infosec.exchange
2023-12-16T18:49:50Z
0 likes, 0 repeats
@mjg59 stapled short-life ocsp