From: Juliusz Chroboczek <jch@irif.fr> To: "Michael Ströder" <michael@stroeder.com> Cc: galene@lists.galene.org Subject: [Galene] Re: Heads up: Galène generates self-signed certificates Date: Wed, 24 Feb 2021 22:16:44 +0100 [thread overview] Message-ID: <87im6hqi83.wl-jch@irif.fr> (raw) In-Reply-To: <9fb4bedf-0195-7515-dc54-2d225504f874@stroeder.com> > Yes, sometimes I have very strong opinions too. ;-) Good, because so do I. >> I implemented automatic generation of self-signed certificates if >> a certificate is not found in the data/ directory. > it's IMHO not very useful. I strongly disagree. Good security relies on carefully balancing security with usability: if a security protocol is not usable, people will use insecure alternatives instead. A case in point: secure telnet (telnet over TLS) was not usable in practice (it required setting up a CA), so we kept using plaintext telnet; it's only when ssh came out, which was easy to use (TOFU authentication), that we started encrypting our traffic. The self-proclaimed security specialists were yelling at us that ssh's model is insecure, that there is no key revocation mechanism, and that we must deploy our own CA or be tortured for all of eternity. Same here. What is really insecure is people trusting third-party services with their private data. By making Galène easier to deploy by non-specialists, we're improving the security of the Internet, even though we might make it easier to deploy Galène in a manner that the "use a centralised CA or I kill you" crowd don't condone. >> 1. If you're currently using a real certificate (stored in data/cert.pem >> and data/key.pem), there's nothing to do. The only difference is that >> Galène will notice when you update the certificate, and load the new >> certificate automatically. > Does it also check whether cert and key match, e.g. have same RSA > modulus? Yes. If the moduli don't match, you'll get an error in the log ("tls: private key does not match public key") and the connection will fail. > That's one of the very common configuration errors. And when > automatically reloading two files there is a race condition. If you hit the race condition, you'll get the error above. Galène will recover at the next connection attempt. > If at least one of cert.pem and key.pem are present but it does not > work, please ensure that it fails early, fails hard. An accidential > fall-back to a transient self-signed cert has to be strictly avoided. Currently, we fall back to the self-signed certificate if either of the two files is missing. Could you please describe the kind of attacks that you're worried about? >> The self-signed certificate uses 2048-bit RSA, which I understand is >> compatible with all browsers. I could easily generate ed25519 or P-256 >> instead, if you understand the crypto please let me know what to do. > A transient self-signed cert gives no security at all I strongly disagree: a self-signed cert prevents passive attacks. Your ISP can perform a passive attack without being noticed, and if you catch them they can claim they made a mistake. If you catch your ISP doing an MITM, you can save the spoofed certificate and drag them to court. > So it's waste of time to seriously think about the crypto stuff. A TLS handshake with RSA is some 4kB, EC could bring this down to a few hundred bytes. Probably not an issue for Galène, but something to think about if you're deploying a service over low-throughput links. -- Juliusz
next prev parent reply other threads:[~2021-02-24 21:16 UTC|newest] Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-02-24 19:30 [Galene] " Juliusz Chroboczek 2021-02-24 19:47 ` [Galene] " Michael Ströder 2021-02-24 21:16 ` Juliusz Chroboczek [this message] 2021-02-24 21:24 ` Juliusz Chroboczek 2021-02-24 21:29 ` Dave Taht 2021-02-24 21:55 ` Toke Høiland-Jørgensen 2021-02-24 21:57 ` Michael Ströder 2021-02-24 22:25 ` Juliusz Chroboczek 2021-02-24 22:02 ` Juliusz Chroboczek 2021-02-24 21:44 ` Michael Ströder
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style List information: https://lists.galene.org/postorius/lists/galene.lists.galene.org/ * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=87im6hqi83.wl-jch@irif.fr \ --to=jch@irif.fr \ --cc=galene@lists.galene.org \ --cc=michael@stroeder.com \ --subject='[Galene] Re: Heads up: Galène generates self-signed certificates' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox