Project

General

Profile

Feature #5763

Monkeysphere

Added by Tails about 5 years ago. Updated about 1 month ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

The Monkeysphere project now proposes a working infrastructure (validation agent, Iceweasel plugin) for validating HTTPS certificates using the GnuPG web-of-trust.

We now install monkeysphere, msva-perl and xul-ext-monkeysphere into the system. Monkeysphere is setup to use a hkps:// keyserver.

Next things to do

We have to wait for a decision regarding which candidate(s) we want to support for the web browser profile with no CA (#5766).

Use cases

The key problem is... the key: monkeysphere trusts a server's key if and only if it is signed by a fully trusted key. I think there are two usecases out there:

GnuPG users

The people who use (asymmetric) GnuPG in Tails already deal with their keyring and its persistence (#5910). They would have to sign the keys for the servers they want to authenticate, persist their keyring somehow, and be done with it.

GnuPG non-users

Quite harder. These ones won't bother signing keys and so on. They still might be interested in Monkeysphere but they will need to rely on an external authority to sign server keys. As Tails users they already (hopefully) trust Tails developers not to add spyware to this system. They might as well trust them to carefully verify and sign server keys. A possibility is then to mark our own key as fully trusted in the default amnesia user pubring.

Thinking a bit more about it, I'm quite strongly opposed to do that: it would put the Tails developers' signing key into a "single Certification Authority" role, which I consider to be unhealthy. Trusting the same people and technical infrastructure for software and server authentication is a bit too much and would make the whole Monkeysphere idea meaningless, kind of. --intrigeri

Note: due to Tails developers incapacity to carefully check that many keys with reliable trust-paths, Tails out-of-the-box Monkeysphere support for https will be quite poor. This can be seen as a problem; on the other hand it demonstrates how weak the servers authentication process really is unless you take care of it yourself and reclaim your trust-paths!


Related issues

Related to Tails - Feature #8303: Consider re-introducing monkeysphere in Jessie-based images Resolved 11/25/2014
Blocked by Tails - Feature #5766: Web browser profile with no CA Rejected

History

#1 Updated by intrigeri about 5 years ago

  • Type of work changed from Wait to Code

#2 Updated by intrigeri about 5 years ago

  • Subject changed from monkeysphere to Monkeysphere

#3 Updated by BitingBird over 3 years ago

  • Related to Feature #8303: Consider re-introducing monkeysphere in Jessie-based images added

#4 Updated by intrigeri about 1 month ago

Tails wrote:

The Monkeysphere project now proposes a working infrastructure (validation agent, Iceweasel plugin) for validating HTTPS certificates using the GnuPG web-of-trust.

That's been broken for years and I'm not aware of any plan to fix it.

#5 Updated by intrigeri about 1 month ago

  • Status changed from Confirmed to Rejected

Also available in: Atom PDF