From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 13:53:35 +0200
To: Toke Høiland-Jørgensen
Cc: emacs-devel@gnu.org
References: <1412716565-7786-1-git-send-email-toke@toke.dk> <87a957o87z.fsf@alrua-karlstad.karlstad.toke.dk>
In-Reply-To: <87a957o87z.fsf@alrua-karlstad.karlstad.toke.dk>

Toke Høiland-Jørgensen writes:

> Right, I can definitely see the point of that, and ultimately this is
> definitely desirable. The GnuTLS TOFU mode could be a way to do the
> heavy lifting of certificate fingerprint storing and verification etc.
>
> I don't think I'm sufficiently familiar with the innards of
> open-network-stream to implement this, sorry. However, if you agree this
> could be a reasonable building block for the user-facing functionality I
> could rework the patch to (a) signal an appropriate error code when
> verification fails and (b) add a parameter to add the certificate to the
> trust chain. The lisp code could then use this functionality (by passing
> the appropriate parameters to gnutls-boot) to implement the user-facing
> y/no/maybe/whatever on top of it.

Yes, that's what the Emacs gnutls code needs: A way to access the
certificate, and the verification status of that certificate (i.e.,
whether it managed to validate it or not, and if not, why not).

Then the management of this could be done at a higher level, which would
be `open-network-stream'.

> Also, I'll add that TOFU can also be used to ensure stronger trust than
> just checking that the certificate validates; it can also be used for
> certificate pinning to ensure that it doesn't change. This is what I use
> it for personally, and I consider it a nice added security...

Yes, `open-network-stream' would implement certificate pinning. That
is, it would store a fingerprint of the certificate and query the user
for what to do when that changes.
It would also use that to keep track of whether a STARTTLS connection
suddenly starts not offering STARTTLS, which would be a typical symptom
of a man-in-the-middle attack filtering out the STARTTLS dialogue from
the server.

If you implement the C gnutls bits, that would be great. Then somebody
else (ahem, probably me) could do the `open-network-stream' bits...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
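
The pinning policy discussed in this message, as an added sketch in Python that is not Emacs or GnuTLS code and not part of the original mail: a store that pins a certificate fingerprint on first use, reports a changed fingerprint without overwriting the pin, and flags a server that previously offered STARTTLS but no longer does. The `PinStore` class, its JSON file format, the result strings and the host name are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class PinStore:
    """Per-server TOFU pins, persisted as JSON (hypothetical format)."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def _pin(self, key, cert_der):
        self.pins[key] = hashlib.sha256(cert_der).hexdigest()
        with open(self.path, "w") as f:
            json.dump(self.pins, f, indent=2, sort_keys=True)

    def check(self, host, port, cert_der):
        """cert_der is the peer certificate, or None if STARTTLS was not offered."""
        key = f"{host}:{port}"
        pinned = self.pins.get(key)
        if cert_der is None:
            # A server that used TLS before and now offers none is the
            # downgrade symptom described in the message.
            return "starttls-stripped" if pinned else "plaintext"
        if pinned is None:
            self._pin(key, cert_der)  # trust on first use
            return "first-use"
        seen = hashlib.sha256(cert_der).hexdigest()
        # Never overwrite the pin here: the caller must ask the user first.
        return "ok" if hmac.compare_digest(pinned, seen) else "fingerprint-changed"

    def accept(self, host, port, cert_der):
        """Replace the pin after the user approved the new certificate."""
        self._pin(f"{host}:{port}", cert_der)


def demo():
    # Constructed certificate bytes; a real caller passes the DER from the TLS layer.
    old, new = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        store = PinStore(os.path.join(d, "pins.json"))
        seq = [old, old, new, None]
        return [store.check("mail.example.org", 587, c) for c in seq]


if __name__ == "__main__":
    print(demo())
```

The "fingerprint-changed" and "starttls-stripped" results are the two points where the caller would query the user; only `accept` moves a pin.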