💾 Archived View for rawtext.club › ~sloum › geminilist › 005770.gmi captured on 2023-11-14 at 09:52:20. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[spec] Certificate trust

Sean Conner sean at conman.org

Mon Mar 1 03:07:02 GMT 2021

- - - - - - - - - - - - - - - - - - - 

It was thus said that the Great Solene Rapenne once stated:

On Sun, 28 Feb 2021 20:27:26 +0100
Côme Chilliet <come at chilliet.eu>:
I’m failing to see how TOFU can provide any security, especially if
there is no way to announce a renewal by sending both new and old cert
or something, there is a MITM possibility at each renewal. The only TOFU
example I’ve seen cited is openssh, which seems offtopic because you
usually do not ssh into random machine on the internet by following
links like you do with Gemini.
I suggested something on IRC a while ago, I'm not sure this would be a
good idea but I'll share it here.
Instead of TOFU, 2 mecanisms could be used:
1) Check chain of trust of the certificate, with let's encrypt and other
provider (they are not alone anymore) it's easy to get a valid certificate

The viability of this approach may depend upon the TLS library used. Iuse libtls, and I really only have two options:

1. Do the whole CA thang and let the underlying TLS library validate the certificate.

2. Do no validatation whatsoever, leaving the validation up to the client.

To do this, I would have to disable validation entirely, and do itmanually, dipping into the nasty API that is OpenSSL. I would have to checkother servers to see how they are handling this and if I could do the samething.

2) If 1 is invalid, let's (introduce something new here) check if
DNS doesn't have a TXT field with the certificate fingerprint and
see if it matches the current one, accept if OK
3) if 2 found a TXT that doesn't match, tell the user, if it matches,
accepts, if no TXT, TOFU?

The general problem with this is not the actual DNS RR used (TXT, SSHFP,etc), it's making the DNS call itself. If you haven't dived into the messthat is DNS and resolving libriaries, it gets about as nasty as TLS withabout a half dozen libraries that aren't compatible at all. POSIX systemscome with getaddrinfo(), but that only covers A and AAAA record types. Ifyou want *any* other type of DNS record, you are pretty much forced toeither use one of the horrible DNS resolving libraries or roll your own. Iwould tout my own DNS library [1], but it's in C (and has a Lua wrapper forit).

I'm not saying this is a bad idea. I'm just saying there are issues withit ...

-spc

[1] https://github.com/spc476/SPCDNS