[cryptography] Client TLS Certificates - why not?

Guido Witmond guido at witmond.nl
Mon Mar 4 14:38:27 EST 2013

On 03/04/2013 06:10 PM, StealthMonger wrote:
>  Peter Gutmann <pgut001 at cs.auckland.ac.nz> writes:
>  ... sit behind her with your arms crossed so you can't point to
>  anything or type stuff out for her, and walk her through the process
>  of acquiring and using one without leaving your chair or performing
>  any part of the operation for her.
> > Now imagine getting her to do the same using only a sheet of
> > instructions you've written.
>  Mother sits down at her computer to do email. Computer notices that
>  she does not have an encryption key (client-side certificate),
>  starts a background process to generate one, and tells her:
>  From now on, you will have a new email address. Starting next week,
>  the old one will no longer work.
>  This will be the only computer on which you can receive email. If
>  you ever want to use another computer, press "Add/Change Computer"
>  below.
>  [Computer finishes generating key with key ID xlzoazsabewlcc.]
>  Your new email address is "xlzoazsabewlcc". It is now being
>  broadcast worldwide. Tell your bank and all your friends.

How do you get that address communicated over the phone?

Let me try and help your mother:

Mother sits at computer, and asks: "What now?"

1. open firefox, install the secure email addon from: 

She installs it.

2. browse to https://guidos-secure-mail.com/

She: how do you spell that?

Me: h-t-t-..... dot com (with hands at my back)

3. Web browser connects to server, and the plug in validates server 
certificate against DNSSEC/DANE specified Root certificate. (It won't 
connect if there is an error here)

4. I ask her to press the 'Signup' button at the plugin (on the browser 
chrome, not in the window)

Browser plugin asks for username: Mom types: StealthMongersMom and she 
presses the ok-button.

5. Browser plugin requests client certificate at guidos-secure-mail.com 
with her chosen username. Browser receives certificate from the site, 
signed with a subCa of the same RootCa certificate as the server. 
Username must be unique, otherwise she needs to choose something different.

Mom has all she needs to send and receive secure mail.

6. Mom phones offspring and says I've got an email address: it's  
stmomo@@guisecmail.com (unintelligible due to line noise)

7. You: How do you spell that?

8. She: S-t-e-a. . . m-a-i-l  dot com

9. You type it in and your browser plugin looks up
     It validates the server certificate and checks if the client cert 
is chained to the same RootCA.

10. You write your message, sign it with your private key, encrypt it 
with your public key and deliver the ciphertext to 
(openssl s/mime encoded message, without headers)

11. She logs in with her certificate, the site delivers the ciphertext 
and the plugin decrypts it with her private key

12. The plug in retrieves the certificate for the sender-address 
(StealthMonger@@nym....), validates it against the DNSSEC/DANE RootCA 
for nym... and has a validated return address.

13. Your mom presses the reply-button, composes a message, her plug 
signs it with her private key, encrypts it with your public key. She 
delivers the message at 
nym...//deliver?to=StealthMonger&ciphertext=MIIDEF...ABC=== (important 
not to send to guidos-secure-email.com)

14. You receive the message and when the message signature matches that 
of the client certificate you got from step 9 you know that there is no 
man in the middle at guidos-secure-mail.com impersonating your mom. My 
site does not have your mom's private key to do so.

Notice that mom didn't validate any keys, nor did she ask you for your 
address. She just assumes that the first mail she gets is from you. It's 
the contents of the message that does the validation for her. Just like 
ordinary email.

>  Anyone else who can log into this computer has access to all your
>  bank accounts and email.

Please use Qubes-OS, Genode, Minix or any other POLA based OS and user 
interface to prevent the Dancing Pwnies. With Swiss-cheese-OS we can 
never reach security nirvana...

>  Make sure your login password is strong.

Please don't use passwords, use a GPG key on a crypto-stick.com. 
Upcoming version 2 of the stick can store plenty of certificates and 
private keys on its secured sd-card.

Cheers, Guido.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130304/28bbb887/attachment.html>

More information about the cryptography mailing list