Related work
If you know additional projects or have more information please feel free to add them!
The problem Perspectives tries to solve is: the server authenticating itself to the client (not the other way around).
Convergence Extra (AMO) is the most active fork of Convergence. The original Convergence (Wikipedia, Github) was a project with the focus on "Trust agility" and was actually based on the idea of Perspectives but tried to resolve some of Perspectives' limitations:
- No embedded content support
- Privacy issues
- Unresponsive servers
see SSL And The Future Of Authenticity (Video)
Current status of these limitations in Perspectives (also see Roadmap, Perspectives mailing list - Convergence):
- Implemented in embedded_content branch, needs to be merged.
- Needs to be implemented, see #81.
- Should be fixed with the new nginx servers but the notaries need to be updated
The original project was abandoned in March 2012 ( for reasons yet to investigate ).
Current status of Convergence Extra 2014-Nov @lambdor:
I found a list of public notaries here Convergence Wiki - Notaries. Of those notaries I was only able to download: thoughtcrime.org, ccsl.carleton.ca, void.gr, wsg.no, dc585.info, hsbp.org, intrepidusgroup.com, khjk.org, netomatic.de, schuurman.com, secyoure.com. Of those, using the scheme descripted in Convergence Wiki - Notary-Protocol, I only got reponses from: intrepidusgroup.com .. error 500 secyoure.com .. error 503 hsbp.org .. 200
Try: https://notary.hsbp.org:8443/target/github.com+443
Debugging the extension also revealed that Convergence suffers from the same getRecentBadCerts removal. Using the hsbp.org notary and Firefox 32 thus then successfully validated my connection. I am missing the result view of Perspectives though. So much for the current state of the network and extension of Convergence.
TODO
- Why was the original project abandoned? Did the original author come up with a problem in the underlying concept?
- What is the Convergence's people opinion on the current status of the project and the network?
- Are Convergence notaries only intended for private use?
from the Convergence Extra readme @mk-fg:
... all notaries I use are private anyway and there aren't any useable public ones (due to compatibility things outlined above), ...
Monkeysphere is a set of tools (including a Firefox extension, see AMO) which builds on top of OpenPGP's Web of Trust to authenticate connections.
44:20 The kinds of trust that I'm talking about here and the kinds of trust that are relevant for the Web of Trust are ... 44:41 ... the trust in particular that I trust this person to properly identify other parties ...
tested successfully with [Firefox] 17.0 and 24.0
Current status of Monkeysphere 2014-Nov @lambdor:
However I couldn't even get it to show up in the browser. In the talk from Next Hope 2010 the authors mention it should show up in the status bar. The status bar was replaced by the addon bar in Firefox 4, which in turn was entirely removed in Firefox 29 >_<. I tried the "add addon bar extension" with Firefox 35, I tried the original addon bar in Firefox 28, I tried Firefox 22 which is the last officially supported version. I also tried Firefox 3.6 but they didn't support Linux x64 back then so I gave up. Besides that, the actual extension code is very minimalistic and there is nothing to loot, except perhaps for the overall approach, which is very interesting.
TODO
- Contact the Monkeysphere authors on the current state of the Firefox extension!
- How do you get the Firefox extension to work?
- Do they Monkeysphere people consider "network perspective" (i.e. notaries) obsolete or do they see a place on top of the Monkeysphere layer? (IMPORTANT!)
These approaches enable anyone to run a server with an "append-only" log of certificates (and expirations, revocations etc.) and thus provide an oversight of all CA certificates on the web. Because any new entry is hashed using the hash of the previous entry the log cannot be altered and rogue CAs or maliciously issued certificates can be revealed more easily (see DigiNotar incident).
These entries can either be added by the servers themselves crawling the web or CAs notifying of any certificate changes. The webcrawling approach is similar to Perspective's notaries with the additional advantage that it's harder to change the timestamps afterwards.
- eff.org - Sovereign Keys: A Proposal to Make HTTPS and Email More Secure
- ccc.de - 28C3 - Sovereign Keys: A proposal for fixing attacks on CAs and DNSSEC (Video)
Certificate Patrol is a Firefox addon (AMO) which highlights suspicious values in certificates (e.g. fingerprint changes long before the expiration date). Last update was in 2011.
The TOFU principle assumes that an attack is unlikely to happen on the first connection to a host. The certificate is cached ("pinned") and later used in any subsequent connections. While it works most of the time it is inherently insecure and also doesn't accommodate for new or additional certificates of the same host (see TACK).
TACK is a TLS extension that requires the server to create and send - along the with the certificate - an additional public key (TACK signing key (TSK)) which is cached and used to assert any future certificates. This solves the problem of TOFU of having a host potentially use different certificates on different servers signed by different CAs (or rogue CA issuing false certificates). The TSK is trusted on first use and therefore suffers the from the same basic problem.
Public key pinning is similar to TACK except it's implemented as an HTTP header.
Secure Links store information of the fingerprints that are to be expected when visting the link. These fingerprints could be retrieved by the webserver crawling the actual link.
Example:
<a link-security="expiry=1357849989; pin-sha256=YWRmYXNkZmFzZGZhc2RmcXdlcnF3ZXJxd2VycXdlcnF=; pin-sha256=LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=;" href="https://www.example.com">a secure link!</a>
@secure-links.org:
Some of these directives relate to protocols (DNSSEC, DANE, CT, TACK, Sovereign Keys) which aren't yet widely deployed, but they demonstrate the power of the s-link framework.
FreeSpeechMe is a fork of Convergence (Github) adopted to use the Namecoin blockchain to store certificate information. Namecoin uses the decentralized proof-of-work concept of Bitcoin to provide resistance against censorship (i.e. an agent cannot force the blockchain (the "CA") to send out fake certificates). The original problem of "checking authenticity" still persists as the blockchain has to be retrieved from somewhere using any of the measurements mentioned here. Once the blockchain reaches a large enough difficulty and a significant part of the blockchain has been received by a client it's exponentially harder to exchange it with a compromised blockchain of the same size even for someone with huge computational resources.
X.509 certificates provide two revocation mechanisms:
- Certificate Revokation Lists (CRL) which are lists of all revoked certificates by a CA. Because the list grew too large over time they are not widely used anymore.
- OCSP which enables querying the current status of a single certificate. Because this reveals the visited site to the CA it raises a privacy issue.
With OCSP stapling the visited webserver "staples" the OCSP status of the certificate to the response. The integrity of the response in turn is guaranteed by the signature of the CA.
Also see "OCSP must-staple".
- OWASP AppSec Research 2013 - A Qualitative Comparison of SSL Validation Alternatives (PDF, Video)
- Accountable Key Infrastructure (AKI): A Proposal for a Public-Key Validation Infrastructure (PDF)
- Certificate Transparency - Comparison with Other Technologies
- ccc.de - 28C3 - Sovereign Keys: A proposal for fixing attacks on CAs and DNSSEC (Video):
- @lambdor: Sorry for the bad quality but this image is taken from a video as I couldn't find the original document online.
-
Search for Trust: An Analysis and Comparison of CA System Alternatives
and Enhancements (PDF)
- NOTE: This paper was probably sponsored by DigiCert so there is a conflict of interest. As such it doesn't come as a surprise that the current CA system ranks highest :)
-
Dename - NameCoin-style names using consensus instead of proof-of-work
- @lambdor: A hash log (see Sovereign Keys) with first-come-first-serve registration(!) and a qourum to verify it's integrity.
-
CONIKS - Privacy-preserving system for automatic key discovery and validation
- @lambdor: Key exchange server using a hash log (see Sovereign Keys).