Re: Tor exit nodes



On Mon, Oct 09, 2017 at 04:11:21PM +0300, Lars Wirzenius wrote:
> I agree that it is pointless to just shower uninterested people with
> smartcards. However, it's also clear that it'd be good for more DDs to
> use them.
> 
> * It's not all _that_ hard to learn how to use them. There's material
>   to learn that online that works. Thus, I agree with Santiago's
>   suggestion Debian asks for interest first. Also, some of us already
>   have the hardware, and don't want more (I have, I don't).
> 
> * I think having security and crypto training at every Debconf would
>   be a good idea: how to use gpg, how to configure gpg well, how to
>   secure one's laptop, etc.
> 
> * The Yubikey 4 seems to be the best hardware option.

I'm not convinced that this is true. I have a kernelconcepts.de
smartcard, and to me that is a better option (because it fits in the
smartcard slot in my laptop). I do agree, however, that we should
encourage DDs to use smartcards where feasible.

I think we should do one of these options:
- We could have a group acquisition -- e.g., a group of X developers
  would buy X devices with Debian money just before a DebConf, have the
  batch shipped to one of them, and they are handed out at DebConf
- We could try to talk one or more of the vendors of smartcard or token
  devices into giving them to us for free. I'm sure some might be
  interested in doing that as a marketing strategy.
- If they're smartcards, maybe we can combine the "developer
  certificate" and the "gnupg smartcard" stuff into one and the same
  thing, by having them personalized ;-)

[...]
> * One Yubikey model 4 is $40 (plus postage) on Amazon.com.

The kernelconcepts.de smartcards are between €16 and €20, depending on
model, with volume discounts.

If you think a credit-card sized smartcard is too bulky, you can also
order a model with ID000 ("SIM card") breakout (for a small surcharge),
and then stuff it inside a device not much larger than a USB stick.

In addition, personally, I prefer real smartcards over the yubikey
anyway, but YMMV (and probably I'm biased).

Additionally, there is https://github.com/FluffyKaon/OpenPGP-Card (a
GPLv3 implementation of the OpenPGP specification) which you should be
able to load into any JavaCard compliant smartcard. That beats the
yubikey in terms of freeness any time, and probably would be cheaper
than the kernelconcepts.de smartcards if you shop around a bit for a
reasonably-priced JavaCard.

-- 
Could you people please use IRC like normal people?!?

  -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008
     Hacklab