Re: Tor exit nodes

To: Roberto C. Sánchez <[email protected]>, [email protected]
Subject: Re: Tor exit nodes
From: Enrico Zini <[email protected]>
Date: Tue, 10 Oct 2017 15:22:06 +0200
Delivered-to: [email protected]
Delivered-to: [email protected]
In-reply-to: <[email protected]>
List-archive: <file://master.debian.org:~debian/archive/debian-private/>
List-help: <mailto:[email protected]?subject=help>
List-id: <debian-private.lists.debian.org>
List-post: <mailto:[email protected]>
List-url: <https://lists.debian.org/debian-private/>
Old-return-path: <[email protected]>
References: <[email protected]> <[email protected]> <A2A20EC3B8560D408356CAC2FC148E53BB448C67@SUN-DAG3.synchrotron-soleil.fr> <10860438.zDTZX8SP8J@xev> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Resent-date: Tue, 10 Oct 2017 13:22:31 +0000 (UTC)
Resent-from: [email protected]
Resent-message-id: <JC2uiZS3yXI.A.O0D.XmM3ZB@bendel>
Resent-sender: [email protected]
User-agent: NeoMutt/20170113 (1.7.2)

On Tue, Oct 10, 2017 at 09:02:22AM -0400, Roberto C. Sánchez wrote:

> If conflicted allegiance of individual DDs is a concern then it would be
> worth discussing some sort of multi-party/multi-key requirement for
> certain things.  For example, security uploads may require additional
> sponsorship by another DD from another country. …

To me it would be already a big step forward to make Debian workflows
auditable, so anyone can have a look at what other people are doing.

Contributions are generally all in the open, but it's pretty hard to
collate them all into a single audit log that one can look at.

I would find such a thing useful also to audit myself, to see if things
are being done in my name that I am now aware of.

Years ago I tried to make a service that maintains an RSS feed
mentioning each time someone's key was used with regards to Debian.
It's been difficult, and there was no guarantee that the RSS feed would
be complete. In the end I gave up and took it down, because I think that
an audit log that misses things is more dangerous than not having an
audit log.

My bank sends me an audit log of all logins and all money transfers done
on the home banking interface. My health care sends me an audit log of
all logins and documents viewed in their online medical records
interface.

I would like to have the same for my Debian activity, at least for those
kinds of activities that could be considered sensitive, such as package
uploads, logins to Debian machines, signed emails sent to Debian mailing
lists, db.debian.org logins and profile changes, generating a new key on
sso.debian.org, maybe even apache logs for queries authenticated with
one of my sso keys.

It ought to introduce less procedural hurdles compared to
multi-party/multi-key requirements, and still discourage attacks from
those kind of parties that cannot afford to be discovered.

(all my reply can be quoted on a public list)

Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <[email protected]>

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Debian OpenPGP audit log [was: Re: Tor exit nodes]
  - From: Daniel Kahn Gillmor <[email protected]>

References:
- Dmitry Bogatov arrested in Moscow
  - From: Dmitry Shachnev <[email protected]>
- Re: Tor exit nodes
  - From: Gunnar Wolf <[email protected]>
- RE:Tor exit nodes
  - From: PICCA Frederic-Emmanuel <[email protected]>
- Re: Tor exit nodes
  - From: Russell Coker <[email protected]>
- Re: Tor exit nodes
  - From: Holger Levsen <[email protected]>
- Re: Tor exit nodes
  - From: Lars Wirzenius <[email protected]>
- Re: Tor exit nodes
  - From: Adam Borowski <[email protected]>
- Re: Tor exit nodes
  - From: Russ Allbery <[email protected]>
- Re: Tor exit nodes
  - From: Adam Borowski <[email protected]>
- Re: Tor exit nodes
  - From: Roberto C. Sánchez <[email protected]>

Prev by Date: Re: Tor exit nodes
Next by Date: Re: Tor exit nodes
Previous by thread: Re: Tor exit nodes
Next by thread: Debian OpenPGP audit log [was: Re: Tor exit nodes]
Index(es):
- Date
- Thread