1. 20
    openbsd changes of note 625 openbsd tedunangst.com

  2. 2

    Tedu’s blog is not accessible from Brazil so I end up having to access using a proxy located in the USA. Not sure this is intentional.

    1. 4

      That was not entirely intentional. I’ve been getting crazy amounts of spam from virtua recently, maybe you got a bad IP. I made a few changes to separate email and www filters.

      1. 1

        Yup, it works again! Thanks.

      2. 1

        How is it not accessible?

        1. 4

          Tedu’s blog is not accessible from anywhere because he intentionally broke SSL on it to make a point and also set up a forced redirect.

          1. 2

            Ooh. I have a script set up which sends articles from various RSS feeds to my Kindle, including tedu’s blog. Sometime earlier this week it stopped working. I haven’t SSH’d in yet to check, but maybe this is why.

            1. 1

              Tedu’s blog is not accessible from anywhere

              That is not true.

              Your comment does nothing to answer the question I had. How exactly is it broken for utzig, and why in Brazil in particular?

            2. 1

              I use virtua which is the biggest cable internet provider in Brazil. As he answered already, seems that there were some filters which were filtering both email and www

          2. 2

            Is it only for me that I get an SSL error due to a seemingly self signed certificate? - or is this on purpose?

            1. 4

              It’s not only you. It is on purpose.

              You’ll have to trust tedu a little if you want to read his blog. ;-)

              1. 2

                I don’t know if my browser got the right cert, but the information presented on the page I got certainly seems to be correct (i.e. matches commits I’ve seen on source-changes@).

                1. 3

                  Of course there’s no reason to assume you’re getting the same information as anyone else.

                  1. 1

                    True :)

                2. 1

                  It’s on purpose.

                  Unfortunately lobste.rs deliberately doesn’t let users hide all posts from a particular domain. Any chance of a broken-ssl tag, or a policy to disallow links with dodgy certificates like this?

                  1. 6

                    It’s not a broken or dodgy cert. The difference is the trust model that @tedu is using. He is asking users to put trust in him vs a CA (https://www.tedunangst.com/flak/post/moving-to-https - I know you can’t see it without the cert). The important part is this:

                    Yesterday, reading this page in plaintext was perfectly fine, but today, add some AES to the mix, and it’s a terrible menace, unfit for even casual viewing.

                    The difference now is that your browser paints a terrifying UI vs rendering stuff with a cert it doesn’t know about.

                    The model he is using is similar to SSH’s “Trust on first use” but with a few extra steps to cope with the UI that operates via the “Trust anything from these guys, they are totally OK, right? RIGHT?” model.

                    Anyway, here is the cert, a sha256 sum of it and its sha256 fingerprint if you feel like importing it into your browser:

                    
                    SHA256 (ca-tedunangst-com.crt) = 049673630a4a8d801a6c17ac727e015fbf951686cdd253d986e9e4d1a8375cba
                    
                    SHA-256 Fingerprint	AA DD 6D 06 88 7B 36 60 67 56 00 AB D0 76 FB B4
                    			3C 60 10 14 5D AB 4D 39 06 F8 24 08 4B 14 D2 BE
                    

                    I have also signed this message using my pgp stuffs. I guess this means we have a lobste.rs based web of trust using the Comments protocol?

                    The real question in all of this shouldn’t be “why is @tedu using broken / dodgy certs”, it should be: Who do you trust more?

                    Raw post / sig: https://deftly.net/lpost.txt https://deftly.net/lpost.txt.asc

                    PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE

                    1. 3

                      I wouldn’t mind importing the CA, but how well does the name constraint work in Firefox?

                              X509v3 extensions:
                                  X509v3 Basic Constraints: 
                                      CA:TRUE
                                  X509v3 Name Constraints: 
                                      Permitted:
                                        DNS:.tedunangst.com
                      

                      This is actually cool if it works!

                      1. 4

                        Should work in all “modern” browsers. I did some testing to confirm. There’s a lot of stackoverflow answers that it doesn’t work, but most of them are old. They do make it difficult to find out.

                        1. 1

                          Edge seems to not like it - though I am not 100% sure I imported the cert into the correct store.

                          1. 5

                            Definitely works with edge. It has to go into the “Trusted Root CA” store, not the “Third-Party Root” store, or any of the other dozen. If you let it pick on its own, I have no idea where it goes. Fun times. You should get yet another warning that you’re about to do something terrible and dangerous. If you don’t see the scary message, you didn’t put it in the scary place. :) You can add it for just your user, not the whole machine.
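The sub-thread above asks whether a name-constrained CA is actually enforced, and the earlier comment publishes two different SHA-256 values for one certificate. The following is an added example, not code from any participant in the thread: it assumes the OpenSSL command-line tool, uses a constructed throwaway CA limited to the placeholder subtree `.example.test`, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example. Everything here is constructed: a throwaway CA limited to
# the placeholder subtree .example.test, plus one leaf inside and one outside.

# Build the constrained CA and the two leaf certificates in directory $1.
make_demo_pki() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
nameConstraints = permitted;DNS:.example.test
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    serial=1
    for name in www.example.test www.example.org; do
        printf 'subjectAltName = DNS:%s\n' "$name" > "$dir/$name.ext"
        openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
            -subj "/CN=$name" -keyout "$dir/$name.key" \
            -out "$dir/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -set_serial "$serial" -days 1 \
            -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null || return 1
        serial=$((serial + 1))
    done
}

# SHA-256 of the file exactly as stored (PEM text, line endings included).
file_digest() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Certificate fingerprint: SHA-256 over the DER encoding, lowercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# True only if CA $1 lists $2 as a permitted DNS subtree.
constrained_to() {
    openssl x509 -in "$1" -noout -text | grep -A3 'Name Constraints' |
        tr -d ' ' | grep -qxF "DNS:$2"
}

# True only if leaf $2 chains to CA $1 and passes its name constraints.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

DEMO_DIR=$(mktemp -d) || exit 1
trap 'rm -rf "$DEMO_DIR"' EXIT
make_demo_pki "$DEMO_DIR" || { echo "openssl run failed" >&2; exit 1; }
ca=$DEMO_DIR/ca.crt
echo "file digest:  $(file_digest "$ca")"
echo "fingerprint:  $(cert_fingerprint "$ca")"
constrained_to "$ca" .example.test && echo "CA is limited to .example.test"
for name in www.example.test www.example.org; do
    if chain_ok "$ca" "$DEMO_DIR/$name.crt"; then echo "$name: accepted"
    else echo "$name: rejected"; fi
done
```

The file digest and the fingerprint differ because the first covers the PEM text as saved while the second covers the decoded DER bytes, so each published value has to be compared against the matching computation.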

                      2. 2

                        It is a dodgy cert, or at least the only reasonable/practical security posture is to treat it as one (if it were a legit cert there would be no reason not to have it cross-signed by a reputable CA). I have no interest in importing some random blogger’s CA into my browser or adopting some manual CA import process in the general case (I’m willing to support efforts at a practical web of trust system - I actually used the monkeysphere addon for a while, but it now seems defunct). I would expect most security-conscious readers to feel the same. As such, I’d like to be able to filter sites like this out of my lobste.rs frontpage.

                        1. 4

                          It is a dodgy cert, or at least the only reasonable/practical security posture is to treat it as one (if it were a legit cert there would be no reason not to have it cross-signed by a reputable CA).

                          Why is tedu’s cert any more dodgy than what you get from all those reputable CAs that have made sure governments can MITM you at will?

                          1. 2

                            A CA that had been caught doing that would present the same way as tedu’s CA. Should browsers be stricter than they are? Maybe, but even if I don’t think the bar for inclusion in the browser is as high as it should be, I’m sure as hell not going to trust a CA that hasn’t met it.

                            1. 2

                              Do you trust ssh fingerprints when you ssh into a machine? Do you use pgp?

                              1. 2

                                Do you trust ssh fingerprints when you ssh into a machine?

                                There are about 2 machines I ever ssh to over the public internet, for which I confirmed the fingerprints manually.

                                Do you use pgp?

                                I use PGP for email exchanges with a small number of personal friends, who I confirmed fingerprints with in person.

                                1. 3

                                  Isn’t that the same trust model as using tedu’s cert?

                                  I assume you manually confirmed the fingerprints via ssh-keygen or similar, however it was done - you have put some trust in someone (either the CA / people who bundle the CAs for the web-terminal you are using, or that your connection isn’t mitm’d in the first place)

                                  I will give ya that pgp is a bit different, but only for manually verified fingerprints. I am willing to bet that the vast majority of people using pgp for things like validating mails / releases of packages use the “Trust on first use” model.

                                  1. 2

                                    I assume you manually confirmed the fingerprints via ssh-keygen or similar, however it was done

                                    I mean I visited those specific physical machines and confirmed the fingerprints on their consoles.

                                    you have put some trust in someone (either the CA / people who bundle the CAs for the web-terminal you are using, or that your connection isn’t mitm’d in the first place)

                                    Sure. I trust the overall bundle-of-CAs, and that’s not ideal. But there’s at least some accountability in that system in a way that there just isn’t for “tedu”. Browser makers and CAs both have a lot more skin in the game than some guy with a website.

                                    1. 3

                                      Sure. I trust the overall bundle-of-CAs, and that’s not ideal. But there’s at least some accountability in that system in a way that there just isn’t for “tedu”.

                                      This is where the tedu model shines! You aren’t being asked to trust “tedu” beyond anything that isn’t already under the control of tedu, and, no third parties involved. I feel like a lot of the accountability problems fall by the wayside when you are operating on an individual-site-level of trust vs a here-are-the-sites-we-trust model.

                                      1. 2

                                        No, I’m being asked to trust the public network path from me to… well, who knows where? Verifying that the site I see the second time is the same as the site I saw the first time is the easy part (and something that, in this age of HPKP, browsers are doing even in the CA world). Verifying the first time one visits is important too though.

                              2. 2

                                A CA that had been caught doing that would present the same way as tedu’s CA.

                                I don’t see how anyone could know this with absolute certainty. Can you provide a proof for this claim?

                                1. 2

                                  I’m not sure what your “absolute certainty” point is? What you see when you go to tedunangst.com is a site with a certificate signed by a CA that’s not in your browser’s trusted roots - this is exactly what you get when you go to sites from CAs that were caught helping governments MitM and have therefore been removed from your browser’s trusted roots (currently only WoSign).

                                  1. 2

                                    I don’t know any of the people who add CAs to my browser, and I don’t know any of the people operating the CAs.

                                    How can anyone know that all of the CAs in their browser will never break the rules you describe, such that CAs will never, knowingly or unknowingly, validate a certificate they have no business validating?

                                    However, I could actually validate and store tedu’s cert if I wanted to. Which means I could get more secure access to his blog than to my bank’s website.

                                    1. 1

                                      I don’t know any of the people who add CAs to my browser, and I don’t know any of the people operating the CAs.

                                      I don’t either, but they are at least public figures that have some accountability that way. If Mozilla or VeriSign shipped a bad certificate, there’s at least a chance that people would notice and make a fuss, and that there would be financial consequences for those organizations (as we’ve already seen with WoSign). If tedu (who I don’t know either) shipped a bad certificate, who would know or care?

                                      However, I could actually validate and store tedu’s cert if I wanted to. Which means I could get more secure access to his blog than to my bank’s website.

                                      How so? You can validate and store any site’s certificate if you want to, CA signing just gives you an additional level of validation. Indeed if a site is using HPKP then your browser will already be doing a trust-on-first-use style of validation on subsequent visits - just with additional verification on the first use.

                                      1. 1

                                        Doesn’t HPKP imply that the TLS trust model is admittedly so broken that it needs a workaround at the HTTP layer? What about TLS for, say, email? Will all applications using TLS have to solve this problem which TLS was intended to solve?

                                        I have not read about TLS 1.3 yet. Maybe the new edition has fixed this?

                                        1. 2

                                          The TLS model is fine. HPKP gives the super-paranoid folks a way to get what they want without breaking compatibility with the rest of the system, that’s all.

                                          Authentication probably needs application-layer components, because only the application can really define the security model. Drop-in encryption at the transport layer only goes so far. Web browsers align nicely with domain names; ssh aligns nicely with Unix user accounts, but other domains require their own models.

                                2. 1

                                  A CA that had been caught doing that would present the same way as tedu’s CA.

                                  Caught? By governments?

                                  They’re all compromised, because governments really really want to compromise them, and no one wants their life fucked up for standing up to them.

                                  even if I don’t think the bar for inclusion in the browser is as high as it should be, I’m sure as hell not going to trust a CA that hasn’t met it.

                                  Can you guess one of the requirements for meeting that bar?

                                  1. 2

                                    Caught? By governments?

                                    Caught by browser vendors, or by anyone who published evidence.

                                    They’re all compromised, because governments really really want to compromise them, and no one wants their life fucked up for standing up to them.

                                    If governments were systematically issuing bogus certificates we’d’ve caught them by now, given certificate transparency. WoSign was caught and will never be trusted again. Maybe some governments could be keeping a few compromised CAs in the back pocket and using them occasionally for strictly targeted attacks against individuals, but even that’s risky. And principled people do exist, and any ongoing compromise would risk bumping into one sooner or later.

                                    Can you guess one of the requirements for meeting that bar?

                                    Oh FFS. Speak clearly or not at all; I have no interest in playing games.

                                    1. 1

                                      Oh FFS. Speak clearly or not at all; I have no interest in playing games.

                                      I thought it was clear that making it possible for governments to MITM people was the requirement I was referring to.

                                      On a related note, not bothering happy cartel members with actual competition is one of the requirements for a banking or ISP licence.

                                      If governments were systematically issuing bogus certificates we’d’ve caught them by now, given certificate transparency.

                                      What’s “certificate transparency”?

                                      WoSign was caught and will never be trusted again.

                                      Looks like WoSign was caught being compromised by some random criminals or something - not governments. If that’s the case, WoSign isn’t relevant to our discussion.

                                      Maybe some governments could be keeping a few compromised CAs in the back pocket

                                      Maybe? You know there’s always a bunch of psychopaths everywhere, happy to receive bribes/benefits for shafting all of mankind, and if that’s not an option, they can just directly force some people to make it happen.

                                      What would you expect? “Oh gosh, we sure would LOVE to see all that traffic, but it’s encrypted so I guess there’s nothing whatsoever we can do about it ever!!”

                                      1. 1

                                        Looks like WoSign was caught being compromised by some random criminals or something - not governments.

                                        I think in practice it makes very little difference. The intentions are the same.

                                        1. 0

                                          I think in practice it makes very little difference. The intentions are the same.

                                          I wonder if you genuinely believe that. But no, the intentions are completely different.

                                          The government won’t MITM you to get your money - they just take your money by force every year anyway.

                                          Instead, the government wants to MITM you so that they can identify you as a potential threat to their continued rule over everyone, and move to neutralize the threat if necessary.

                              3. 4

                                I like to think that I am a security conscious user. I met @tedu in person and I trust his self signed certificate more than a third party emitted certificate. Would I trust him signing a cert for gmail? No. I do not however see a problem with him self signing a certificate for his own site.

                                On the other hand, there was more than one occurrence of a ‘trusted’ CA signing domains without due diligence and our browsers didn’t warn us about that. The CA model is f—ed and broken.

                                1. 3

                                  certificate authorities are not always trustworthy.