Re: Tor exit nodes



On Fri, Oct 13, 2017 at 08:44:27AM -0400, Antoine Beaupré wrote:
> I've been really hesitant in participating in that discussion because,
> as a principle, I think this discussion should be public and we
> shouldn't have those discussions in private. But it seems everyone
> *else* doesn't care and I can't resist on this one: I'm writing a series
> about this for LWN and I have strong opinions...

FWIW, you have my explicit permission to publicly quote anything I
said on this list in the past month.

> > [...]
> >> * One Yubikey model 4 is $40 (plus postage) on Amazon.com.
> >
> > The kernelconcepts.de smartcards are between €16 and €20, depending on
> > model, with volume discounts.
> >
> > If you think a credit-card sized smartcard is too bulky, you can also
> > order a model with ID000 ("SIM card") breakout (for a small surcharge),
> > and then stuff it inside a device not much larger than a USB stick.
> >
> > In addition, personally, I prefer real smartcards over the yubikey
> > anyway, but YMMV (and probably I'm biased).
> >
> > Additionally, there is https://github.com/FluffyKaon/OpenPGP-Card (a
> > GPLv3 implementation of the OpenPGP specification) which you should be
> > able to load into any JavaCard compliant smartcard. That beats the
> > yubikey in terms of freeness any time, and probably would be cheaper
> > than the kernelconcepts.de smartcards if you shop around a bit for a
> > reasonably-priced JavaCard.
> 
> So that's the *third* JavaCard-compliant card I've seen so far in my
> research, the first two being Yubico's (for the NEO) and the ANSSI's:
> 
> https://github.com/anssi-fr/smartpgp

I also remember one that lived on sourceforge, but I can't remember the
URL; and when I ddg'd for some reasonable search words, the FluffyKaon
one is what came up.

> how many of those *are* there exactly?

I have no clue ;-)

> how do they compare? how can we choose?

You can (try to) audit them, I suppose. Beyond that... I dunno.

> and if we can flash SIM cards with such firmware, can't someone just do
> the same and flash hostile firmware on the card to exfiltrate material?
> isn't that the whole argument against open applets Yubico used?

Normally, once a JavaCard has been given an applet, you cannot overwrite
that applet anymore except with the applet's explicit permission.

In some cases, you can write a second applet, but there should be no way
for the second applet to access the data of the first.

So, provided that the javacard does what the spec says it should do, it
should be safe.

Finally, since the "JavaCard" thing is only a spec anyway as well, there
is no reason why you wouldn't be able to take
https://sourceforge.net/projects/openjcvm/ and use it to make an open
hardware JavaCard...

-- 
Could you people please use IRC like normal people?!?

  -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008
     Hacklab
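To put the "how do they compare / how can we choose" question on a footing you can check at the reader, here is an added example (not code from this thread, nor from Yubico, kernelconcepts.de, FluffyKaon/OpenPGP-Card or ANSSI SmartPGP) that parses the Application Related Data (DO 6E) an OpenPGP card returns to GET DATA and reports the implementation version, manufacturer ID and signature-key algorithm the card advertises. The sample response is constructed, the manufacturer table is a partial copy of the public registry (as carried in GnuPG's scd), and `read_from_card` assumes pyscard with a single PC/SC reader and is not exercised offline.

```python
"""Identify which OpenPGP card implementation a card reports (added example;
not code from the thread or from any project named in it).  The sample
response below is constructed, not captured from a real card."""
from typing import Dict, Iterator, Optional, Tuple

# Registered OpenPGP AID prefix (RID D2 76 00 01 24, PIX 01).  Full 16-byte AID:
# prefix(6) | version(2, BCD) | manufacturer(2) | serial(4) | RFU(2)
OPENPGP_AID_PREFIX = bytes.fromhex("D27600012401")

# Partial copy of the public manufacturer registry; unlisted IDs are reported as unknown.
MANUFACTURERS: Dict[int, str] = {0x0001: "PPC Card Systems", 0x0005: "ZeitControl",
                                 0x0006: "Yubico", 0xF517: "FSIJ"}

def manufacturer_name(mid: int) -> str:
    if 0xFF00 <= mid <= 0xFFFE:           # range reserved for self-assigned serial numbers
        return "unmanaged S/N range"
    return MANUFACTURERS.get(mid, "unknown (0x%04X)" % mid)

def ber_tlv(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, value) pairs from ISO 7816-4 BER-TLV data: one- or two-byte
    tags (e.g. 5F52), short-form or long-form (81 xx / 82 xx xx) lengths."""
    i, n = 0, len(data)
    while i < n:
        tag, i = data[i], i + 1
        if tag & 0x1F == 0x1F:              # a second tag byte follows
            tag, i = (tag << 8) | data[i], i + 1
        length, i = data[i], i + 1
        if length & 0x80:                   # long form: low 7 bits = count of length bytes
            nbytes = length & 0x7F
            length, i = int.from_bytes(data[i:i + nbytes], "big"), i + nbytes
        if i + length > n:
            raise ValueError("truncated TLV at offset %d" % i)
        yield tag, data[i:i + length]
        i += length

def find_tag(data: bytes, wanted: int) -> Optional[bytes]:
    """Depth-first search for `wanted`, descending into constructed DOs."""
    for tag, value in ber_tlv(data):
        if tag == wanted:
            return value
        first_byte = tag >> 8 if tag > 0xFF else tag
        if first_byte & 0x20:               # constructed bit set: recurse into template
            found = find_tag(value, wanted)
            if found is not None:
                return found
    return None

def decode_aid(aid: bytes) -> Dict[str, str]:
    if len(aid) != 16 or aid[:6] != OPENPGP_AID_PREFIX:
        raise ValueError("not an OpenPGP card AID: %s" % aid.hex())
    return {"version": "%x.%x" % (aid[6], aid[7]),            # BCD major.minor
            "manufacturer": manufacturer_name(int.from_bytes(aid[8:10], "big")),
            "serial": "%08X" % int.from_bytes(aid[10:14], "big")}

def algorithm_name(attrs: bytes) -> str:
    """Decode algorithm attributes (DO C1/C2/C3): byte 0 is the algorithm ID."""
    if attrs[0] == 0x01:                    # RSA: modulus length in bits follows
        return "RSA-%d" % int.from_bytes(attrs[1:3], "big")
    return "unknown (0x%02X)" % attrs[0]    # ECC ids (0x12/0x13/0x16) carry an OID; not decoded here

def describe_card(app_related_data: bytes) -> Dict[str, str]:
    """Summarise DO 6E (Application Related Data) as returned by GET DATA."""
    aid = find_tag(app_related_data, 0x4F)
    if aid is None:
        raise ValueError("no AID (tag 4F) found")
    info = decode_aid(aid)
    sig_attrs = find_tag(app_related_data, 0xC1)
    if sig_attrs:
        info["sig_algorithm"] = algorithm_name(sig_attrs)
    return info

def read_from_card() -> bytes:
    """Fetch DO 6E over PC/SC.  Assumes pyscard and one reader; response
    chaining (SW 61 xx) is not handled.  Not exercised offline."""
    from smartcard.System import readers    # pyscard, optional dependency
    conn = readers()[0].createConnection()
    conn.connect()
    for apdu in ([0x00, 0xA4, 0x04, 0x00, 0x06] + list(OPENPGP_AID_PREFIX),   # SELECT
                 [0x00, 0xCA, 0x00, 0x6E, 0x00]):                              # GET DATA 6E
        data, sw1, sw2 = conn.transmit(apdu)
        if (sw1, sw2) != (0x90, 0x00):
            raise RuntimeError("APDU %s failed: %02X%02X" % (bytes(apdu[:4]).hex(), sw1, sw2))
    return bytes(data)

def _tlv(tag: bytes, value: bytes) -> bytes:        # short-form lengths suffice for the sample
    return tag + bytes([len(value)]) + value

# Constructed sample: version 2.1, manufacturer 0006, serial 03334455, RSA-2048 sig key.
SAMPLE_AID = bytes.fromhex("D27600012401" "0201" "0006" "03334455" "0000")
SAMPLE_DO_6E = _tlv(b"\x6e", _tlv(b"\x4f", SAMPLE_AID)
    + _tlv(b"\x5f\x52", bytes.fromhex("0073000080059000"))           # historical bytes
    + _tlv(b"\x73", _tlv(b"\xc1", bytes.fromhex("010800002000"))     # sig key: RSA 2048
                  + _tlv(b"\xc4", bytes.fromhex("00202020030003")))) # PW status bytes

if __name__ == "__main__":
    print(describe_card(SAMPLE_DO_6E))
```

The manufacturer field only tells you what the applet claims about itself, so treat it as the starting point for comparing implementations (and for knowing which source tree to audit), not as proof of what is loaded; a card whose applet you flashed yourself will usually sit in the 0xFF00 to 0xFFFE range until its AID is set.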