Re: Tor exit nodes

To: Wouter Verhelst <[email protected]>, Lars Wirzenius <[email protected]>
Subject: Re: Tor exit nodes
From: Antoine Beaupré <[email protected]>
Date: Fri, 13 Oct 2017 08:44:27 -0400
Cc: Holger Levsen <[email protected]>, [email protected]
Delivered-to: [email protected]
Delivered-to: [email protected]
In-reply-to: <[email protected]>
List-archive: <file://master.debian.org:~debian/archive/debian-private/>
List-help: <mailto:[email protected]?subject=help>
List-id: <debian-private.lists.debian.org>
List-post: <mailto:[email protected]>
List-url: <https://lists.debian.org/debian-private/>
Old-return-path: <[email protected]>
References: <[email protected]> <[email protected]> <A2A20EC3B8560D408356CAC2FC148E53BB448C67@SUN-DAG3.synchrotron-soleil.fr> <10860438.zDTZX8SP8J@xev> <[email protected]> <[email protected]> <[email protected]>
Resent-date: Fri, 13 Oct 2017 13:00:15 +0000 (UTC)
Resent-from: [email protected]
Resent-message-id: <guts4yNzVU.A.iUH.fjL4ZB@bendel>
Resent-sender: [email protected]

I've been really hesitant in participating in that discussion because,
as a principle, I think this discussion should be public and we
shouldn't have those discussions in private. But it seems everyone
*else* doesn't care and I can't resist on this one: i'm writing a series
about this for LWN and I have strong opinions...

On 2017-10-13 14:31:14, Wouter Verhelst wrote:
> On Mon, Oct 09, 2017 at 04:11:21PM +0300, Lars Wirzenius wrote:
>> I agree that it is pointless to just shower unineterested people with
>> smartcards. However, it's also clear that it'd be good for more DDs to
>> use them.
>> 
>> * It's not all _that_ hard to learn how to use them. There's material
>>   to learn that online that works. Thus, I agree with Santiago's
>>   suggestion Debian asks for interest first. Also, some of us already
>>   have the hardware, and don't want more (I have, I don't).
>> 
>> * I think having security and crypto training at every Debconf would
>>   be a good idea: how to use gpg, how to configure gpg well, how to
>>   secure one's laptop, etc.
>> 
>> * The Yubikey 4 seems to be the best hardware option.
>
> I'm not convinced that this is true. I have a kernelconcepts.de
> smartcard, and to me that is a better option (because it fits in the
> smartcard slot in my laptop). I do agree, however, that we should
> encourage DDs to use smartcards where feasible.
>
> I think we should do one of these options:
> - We could have a group acquisition -- e.g., a group of X developers
>   would buy X devices with Debian money just before a DebConf, have the
>   batch shipped to one of them, and they are handed out at DebConf
> - We could try to talk one or more of the vendors of smartcard or token
>   devices into giving them to us for free. I'm sure some might be
>   interested in doing that as a marketing strategy.
> - If they're smartcards, maybe we can combine the "developer
>   certificate" and the "gnupg smartcard" stuff into one and the same
>   thing, by having them personalized ;-)

A keyproblem with "smartcards" is that they are closed hardware. We have
no way of verifying the claims of security they offer. I am way more
supportive of efforts like the ones from Debian Developper Niibe Yutaka
that are creating an open platform for that kind of stuff, even if it
means it may be a little easier to extract private key material through
hardware attacks: at least we know where we stand.

We have leverage: we should incite manufacturers to open their designs
and prove their worth to the world, not just buy the "closed is more
secure" cool aid. This applies both to Yubico but also to SIM-type
cards.

> [...]
>> * One Yubikey model 4 is $40 (plus postage) on Amazon.com.
>
> The kernelconcepts.de smartcards are between €16 and €20, depending on
> model, with volume discounts.
>
> If you think a credit-card sized smartcard is too bulky, you can also
> order a model with ID000 ("SIM card") breakout (for a small surcharge),
> and then stuff it inside a device not much larger than a USB stick.
>
> In addition, personally, I prefer real smartcards over the yubikey
> anyway, but YMMV (and probably I'm biased).
>
> Additionally, there is https://github.com/FluffyKaon/OpenPGP-Card (a
> GPLv3 implementation of the OpenPGP specification) which you should be
> able to load into any JavaCard compliant smartcard. That beats the
> yubikey in terms of freeness any time, and probably would be cheaper
> than the kernelconcepts.de smartcards if you shop around a bit for a
> reasonably-priced JavaCard.

So that's the *third* JavaCard-compliant card I've seen so far in my
research, the first two being Yubico's (for the NEO) and the ANSSI's:

https://github.com/anssi-fr/smartpgp

how many of those *are* there exactly? how do they compare? how can we
choose?

and if we can flash SIM cards with such firmware, can't someone just do
the same and flash hostile firmware on the card to exfiltrate material?
isn't that the whole argument against open applets Yubico used?

i'm slightly confused as to why proprietary hardware designs are
encouraged here...

a.

-- 
Conformity-the natural instinct to passively yield to that vague something
recognized as authority.
                        - Mark Twain

Follow-Ups:
- Re: Tor exit nodes
  - From: Michael Stone <[email protected]>
- Re: Tor exit nodes
  - From: Wouter Verhelst <[email protected]>

References:
- Dmitry Bogatov arrested in Moscow
  - From: Dmitry Shachnev <[email protected]>
- Re: Tor exit nodes
  - From: Gunnar Wolf <[email protected]>
- RE:Tor exit nodes
  - From: PICCA Frederic-Emmanuel <[email protected]>
- Re: Tor exit nodes
  - From: Russell Coker <[email protected]>
- Re: Tor exit nodes
  - From: Holger Levsen <[email protected]>
- Re: Tor exit nodes
  - From: Lars Wirzenius <[email protected]>
- Re: Tor exit nodes
  - From: Wouter Verhelst <[email protected]>

Prev by Date: Re: Tor exit nodes
Next by Date: Re: Tor exit nodes
Previous by thread: Re: Tor exit nodes
Next by thread: Re: Tor exit nodes
Index(es):
- Date
- Thread