Re: On email and web security
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 01 January 2016 20:48 UTC
In-Reply-To: <5686DC69.7070702@gmail.com>
References: <304F200F-CF0B-4C23-91F9-BFC06C41BDA8@cisco.com> <13594.1451602033@obiwan.sandelman.ca> <CAMm+Lwi7dNvoXy6qit7h81c14iO0LB5y-Qnx8COQ4+_UJKg3xg@mail.gmail.com> <5686DC69.7070702@gmail.com>
Date: Fri, 01 Jan 2016 15:48:49 -0500
Message-ID: <CAMm+Lwi2BZ9Zwpf8SLcH2oXrsrPRJLsNMtO2krxjKh7-+5GmQw@mail.gmail.com>
Subject: Re: On email and web security
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Doug Royer <douglasroyer@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/HofOcdzB9GCAhzXha7_UvDQVHso>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
On Fri, Jan 1, 2016 at 3:07 PM, Doug Royer <douglasroyer@gmail.com> wrote:

> On 12/31/2015 10:00 PM, Phillip Hallam-Baker wrote:
>
>> ...
>> I have released the code:
>> http://sourceforge.net/projects/mathematicalmesh/
>>
>
> For those wanting to build the code, it looks as if you need at least VS
> 2012 with framework 4.6. Not having built MS code for a while, I had 4.5 -
> updating.
>
> It's in C#.

Since it is open source code, contributors can use Visual Studio 2015 Community edition free of charge. Or at least that is my understanding of the license.

https://www.visualstudio.com/en-us/products/visual-studio-community-vs.aspx

The point of this release is to prove that what I show in the demonstration is actually feasible and has been implemented. This is not production code.

The reason for moving to .Net 4.6 is that Microsoft is currently in the process of releasing .Net Core on Linux and OSX. I took the gamble early on that this would happen and so I could use C# for all the code development, which is a big advantage when you use as many code generators as I do. Now I have not actually run the code on Linux or OSX yet, but it does pass the tests in the compatibility checking tools.

The code does make use of some, OK a lot of, build tools. These are also open source and available on SourceForge. BUT, probably best to wait a couple of days since I am currently getting to grips with the VSIX packaging tools that make installing and using custom tools a LOT easier. I am just writing a tool that will generate the packaging code bindings.

The build tools also generate text for the documentation. Hence when I finally get an Internet draft out, the text in the draft, the examples and the reference code should all be in sync.

There is also a limitation in that the current code does not have the DNS library linked in (oops, forgot!) so right now the IP address of the service is hardcoded. Will fix that after doing the demos. I have a DNS parsing/generating library but have not added that to this project base yet. The client should discover the service via SRV lookup.

This particular release has code that will automatically configure the S/MIME config in Windows Live Mail to use a self-signed certificate generated by the toolset. Comodo Group currently issues free S/MIME certs and we are working on a way to get a free CA-issued cert using the tool in the very near future.

This is NOT simply a scheme to get people to use CA-issued keys rather than PGP or SSH, however. I have written on this at length: the short of it is that we need both a hierarchical and a web-of-trust based infrastructure to meet all of our user-account trust needs. If I am writing to Fred in his IETF capacity, I want to use an encryption key that I trust for Fred. But if I am configuring my GIT repository to receive code from Fred@cisco.com, it is absolutely essential that the code is endorsed by the Cisco trust chain and not just my personal relationship with Fred.

People will obviously want support for OpenPGP as well. But that is not my immediate priority, because the point of this code is to show what can be done: if we can take a legacy application like Windows Live Mail and enable the crypto in that without the need for any sort of plug-in, we can obviously use the Mesh for OpenPGP. The way I would want to support OpenPGP is to extend the OpenPGP libraries to include the ability to import/export keys using the Mesh.

In the short term, a tool to manage SSH keys using the Mesh is going to be a lot more useful to a lot more people. Yes, people have 'ways' to manage SSH keys today, but the instructions people are being given to follow are of the 'how to make this work' type, not 'how to be safe'. More than half the instructions I found telling people how to configure SSH keys for GIT left the private key sitting unencrypted in a world-readable directory.

Using the Mesh to move keys around means that we can build best security practices into the protocol. Keys are automatically encrypted during transport and are only ever decrypted on the target device. Every device has a separate key set, etc.

The reason for targeting SSH is also that it is the highest leverage point right now. As far as IETF is concerned, SSH is a terminal protocol. But right now, the SSH key infrastructure is what is underpinning the production of most source code, either in GIT (or SVN I presume?).
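The complaint at the end of the post, that many SSH-for-GIT guides leave the private key unencrypted in a world-readable location, can be turned into a concrete local check. The script below is an added example and is not part of the post or of the Mathematical Mesh project. It reads only the header of a private key file to learn whether the key is passphrase-protected (the cipher name in an openssh-key-v1 blob, or the Proc-Type/DEK-Info headers of a legacy PEM key) and compares the file mode against the owner-only permission SSH expects. The key headers it builds for demonstration are constructed, truncated stubs with no key material; the function and constant names are this example's own.

```python
"""Audit SSH private keys for two common mistakes: keys stored without a
passphrase and key files readable by other users. Only key headers are
parsed; no key material is ever decoded into a usable key."""
import base64
import re
import stat
import struct
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_RE = re.compile(
    r"-----BEGIN (.*?) PRIVATE KEY-----(.*?)-----END \1 PRIVATE KEY-----", re.S)


def private_key_cipher(text: str):
    """Return the cipher protecting a private key file's payload.

    'none' means the key is stored in clear; None means the text is not a
    private key this example recognises.
    """
    m = PEM_RE.search(text)
    if not m:
        return None
    label, body = m.group(1), m.group(2)
    if label == "OPENSSH":
        # New format: base64 blob = magic, then a length-prefixed cipher name.
        raw = base64.b64decode("".join(body.split()))
        if not raw.startswith(OPENSSH_MAGIC):
            return None
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", raw[off:off + 4])
        return raw[off + 4:off + 4 + n].decode("ascii")
    # Legacy PEM (RSA/EC/DSA): encryption is signalled by a Proc-Type header.
    if "Proc-Type: 4,ENCRYPTED" in body:
        dek = re.search(r"DEK-Info: ([^,\s]+)", body)
        return dek.group(1).lower() if dek else "legacy-encrypted"
    return "none"


def mode_is_private(mode: int) -> bool:
    """True if no group/other permission bit is set (0600 or stricter)."""
    return (mode & 0o077) == 0


def audit_key(text: str, mode: int):
    """Return a list of findings for one key file; an empty list means OK."""
    cipher = private_key_cipher(text)
    if cipher is None:
        return ["not a recognised private key"]
    findings = []
    if cipher == "none":
        findings.append("private key is stored unencrypted (no passphrase)")
    if not mode_is_private(mode):
        findings.append("file mode %o is readable by other users" % (mode & 0o777))
    return findings


def audit_ssh_dir(directory=None):
    """Audit every private key in a directory; returns {filename: findings}."""
    directory = Path(directory) if directory else Path.home() / ".ssh"
    results = {}
    if not directory.is_dir():
        return results
    for p in directory.iterdir():
        if not p.is_file():
            continue
        try:
            text = p.read_text(errors="replace")
        except OSError:
            continue
        if "PRIVATE KEY-----" not in text:
            continue
        results[p.name] = audit_key(text, stat.S_IMODE(p.stat().st_mode))
    return results


def constructed_openssh_key(cipher: str, kdf: str) -> str:
    """Build a constructed, truncated openssh-key-v1 header for demonstration.

    Real files carry KDF options and key material after these two fields;
    this stub stops after the KDF name, so it can only exercise the parser.
    """
    payload = OPENSSH_MAGIC
    for field in (cipher.encode(), kdf.encode()):
        payload += struct.pack(">I", len(field)) + field
    b64 = base64.b64encode(payload).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n"
            "-----END OPENSSH PRIVATE KEY-----\n" % b64)


# Constructed legacy PEM stub: headers only, no key material.
CONSTRUCTED_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n"
    "\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name, findings in audit_ssh_dir().items():
        print(name, "->", findings or ["OK"])
```

Run without arguments it walks `~/.ssh` and reports, per key file, whether the key is passphrase-protected and whether the mode is owner-only; a clean key returns an empty findings list. The cipher name "none" in the openssh-key-v1 header is exactly what an `ssh-keygen` run with an empty passphrase produces, which is the state the post is warning about.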