637 points h1x | 1 comments
exabrial ◴[] No.29212231[source]
Great idea: easy key distribution and management. Like most p2p ideas, PGP also sucked at this.

Terrifying idea: trusting a third party to maintain the metadata about a key and who's identity it represents.

PGP absolutely got this part right: if you modify the contents of the metadata, the hash changes. Basically, if a private key were to point to Myself, and I distributed it widely, then lost it... an attacker who recovered said key could _transparently_ change the identity of the key and we'd have no record of who was actually correct. And let's not pretend that a government couldn't coerce Github to add an ssh identity to your account (it is owned by Microsoft now, and they have DOD contracts to fulfill).

Keybase solved both these issues: easy and intuitive, transparent proofs, along with the rigidity of metadata with pgp keys: if a key owner changes, the pgp key mutates.

replies(3): >>29212315 #>>29212532 #>>29212620 #
csdvrx ◴[] No.29212620[source]
> PGP absolutely got this part right

Lol no.

There is no mechanism to invalidate keys by the domain owner, while it uses email as one of the core identifiers.

I purchased a cool domain, which had PGP users who published their keys to various key servers.

Their keys have no expiration, while I'm in control of the domain...

PGP was good, 30 years ago. But technology has evolved, along with the understanding of the problem.

I made a reply about SSHFP records (https://news.ycombinator.com/item?id=29212552), to push server keys in the DNS: that + DNSSEC means you remove the problem of initial trust (deciding to add a server to your known_hosts on the first connections)

Now imagine if something like MX records could also contain SSH keys for the mail users: you'd solve the problem of mail encryption on a global level.

People who want to send me encrypted mail could ask my server for my key, DNSSEC would prevent tampering with that, and if I lose access to the domain, there would be no issue with stale keys from old PGP directories.

As for scalability issues, DNS is perfectly done (with caching, etc) to handle that easily.

Like you, I could say "SSH got this part right" - but no. Again, technology has evolved.

The "only" problem would be correlation attacks, and I think that's a big one, in the age of surveillance.

Ideally, we'd have something like bitcoin key-derivation from a seed key, where you'd have:

- a key you publish to receive encrypted email,

- derived public keys, one per server, so that you do not risk correlation attacks

This is a great article, because it looks at the ubiquity of SSH keys, and how the technology is better than PGP keys, to advance the problem - say by signing git commits and tags.

I hope we'll also use the advances from other technologies.

replies(3): >>29212712 #>>29213036 #>>29213253 #
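As an added illustration of the SSHFP check mentioned in the comment above (example code written for this page, not code from the thread or from OpenSSH), this is the comparison an SSH client performs between the host key a server offers and the SSHFP data published in DNS. The key and the record are constructed samples; the DNS lookup and DNSSEC validation are assumed to have been done by the resolver.

```python
"""Matching an SSH host key against SSHFP data (RFC 4255 / RFC 6594 layout).

An SSHFP record carries: <algorithm> <fingerprint type> <fingerprint hex>.
Algorithm: 1=RSA, 2=DSA, 3=ECDSA, 4=Ed25519. Fingerprint type: 1=SHA-1, 2=SHA-256.
The fingerprint is over the raw key blob (the base64 field of the OpenSSH
public key line), not over the text line.
"""
import base64
import hashlib
import hmac

# Key-type names as they appear in an OpenSSH public key line -> SSHFP algorithm number.
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}

def sshfp_from_pubkey(pubkey_line: str) -> tuple:
    """Return the (algorithm, fptype, fingerprint) triple a zone owner would publish, using SHA-256."""
    keytype, b64blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64blob)
    return SSHFP_ALGORITHMS[keytype], 2, hashlib.sha256(blob).hexdigest()

def host_key_matches_dns(pubkey_line: str, records: list) -> bool:
    """True if some published SSHFP record vouches for the key the server offered.

    Only SHA-256 (fptype 2) records are accepted; SHA-1 records are ignored.
    The records are assumed to come from a DNSSEC-validating resolver (AD bit set);
    without DNSSEC a spoofed answer could vouch for any key.
    """
    alg, _, fp = sshfp_from_pubkey(pubkey_line)
    for rec_alg, rec_type, rec_fp in records:
        if rec_alg == alg and rec_type == 2 and hmac.compare_digest(rec_fp.lower(), fp):
            return True
    return False

def constructed_ed25519_pubkey_line(seed: bytes) -> str:
    """Build a syntactically valid OpenSSH Ed25519 key line (constructed sample, not a real key)."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for the Ed25519 public key
    blob = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@example-host"

# Constructed scenario: the domain owner rotated the host key and published only the new fingerprint.
OLD_HOST_KEY = constructed_ed25519_pubkey_line(b"old host key")
NEW_HOST_KEY = constructed_ed25519_pubkey_line(b"rotated host key")
PUBLISHED_SSHFP = [sshfp_from_pubkey(NEW_HOST_KEY)]
```

Because the zone is the single source of truth, a key the owner stopped publishing simply no longer matches; there is no stale directory copy to revoke.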
1. ◴[] No.29213253[source]