On Tue, Nov 18, 2014 at 10:53:30PM -0500, grarpamp wrote:
On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis desnacked@riseup.net wrote:
plans for any Tor modifications we want to do (for example, trusting self-signed certs signed by the HS identity key seem like a generally good idea).
If the HS pubkey and the onion CN were both in the cert, and signed over by that same key all corresponding to the url the TBB is currently attempting to validate, that would seem fine to me. No interaction with the controller (which may not even be accessible [1]) needed to get the HS descriptor (pubkey). Security is limited to 80-bits, or the future wider proposal. It's also a TBB specific extension. All other browsers pointed at socks5 somewhere will still rightly fail, unless adopted upstream (which MSIE won't do) or via standards. Note that this is not 'turning off the warnings for all .onion', it's recognizing that attestation of the HS key is sufficient to show ownership of that service. Whereas under various attacks a traditional selfsigned cert is not.
Ah, great. Adding the pubkey to the cert is a nice idea, as well.
M. Finkel: habit, where we're conditioning the younger generation to click-through,
It's suggested the right training is to teach the contexts in which they should care... banking, email, accounts, etc... and then to in fact just click through (everyday browsing) unless they're under a context where they actually care. Even though you have the helmet, you train and care wear a helmet for racing, not walking. The mandantory warnings are there for people who care about their context, not those who don't. My beef is that it requires more than one click in FF to get through.
Understood and I agree (though I'm not sure that analogy is great but oh well ;) ). With regard to the warning, I think I'm most opposed to it because it's so unuseful to most people. We're already using TOFU for this, so if there was a single button that makes it simple for the common-case, then I'd be happy with that.
This still raises the unfortunate question of whether anyone knows what to do if they get the invalid cert warning from their bank's website, but that's for another thread.
To be clear, I think it's critically important that the user is told when security assumptions are broken, but I'm opposed to keeping the current error page if we have the ability to make it better. I hope this was understood in my email, but maybe I failed at that. I don't want to get rid of the error message, but I want Tor to be able to provide a way for operators to use TLS certs where these certs provide the necessary assurances and don't cause the error condition. Where, as a result, a user will only see the cert error if the operator intended them to see it or if the connection was MITM. I think we all agree on this.
Yes, I did say "Eliminating self-signed certificate errors when connecting to hidden service sites will be a significant usability improvement.". I guess that was poorly worded and I didn't take into account operators/administrators who want their users to see the error and add a special exception for their cert, sorry. I simply want a way for a HS operator to be able to create a self-signed cert for their website and not force every visitor to their site to add an exception for that cert.