Most active commenters
  • palata(3)
  • tptacek(3)

←back to thread

Passkeys and Modern Authentication

(lucumr.pocoo.org)
184 points Bogdanp | 11 comments | 02 Sep 25 13:47 UTC | HN request time: 0s | source | bottom
Show context
alphazard ◴[02 Sep 25 17:11 UTC] No.45105959[source]
Unfortunately the tech community is full of people who pride themselves on being aware of and advocating for the latest standard put out by whatever company. That's how we end up with lots of complicated nonsense like most of what is sent in HTTP headers, or the contents of a TLS certificate.

On the topic of authentication, it's solved. SSH nailed it, any further complexity is strictly worse. Signing up is uploading a public key. Signing in is cryptographically signing a commitment to the current ephemeral tunnel.

replies(10): >>45106121 #>>45106140 #>>45106170 #>>45106176 #>>45106183 #>>45106261 #>>45106406 #>>45106911 #>>45107421 #>>45107745 #
1. vbezhenar ◴[02 Sep 25 17:24 UTC] No.45106176[source]
ssh is terribly insecure with no way of checking server certificate fingerprint automatically. Web solved it decades ago with CA.
replies(2): >>45106217 #>>45109724 #
2. karmarepellent ◴[02 Sep 25 17:26 UTC] No.45106217[source]
This is incorrect. SSH certificates work just like x509 certificates in that regard. Also, with PubkeyAuthentication, there exist all kinds of ways to collect host keys before connecting to them for the first time and thus avoiding the trust-on-first-use problem. Especially in private networks where you control all the nodes.
replies(2): >>45108600 #>>45113360 #
3. palata ◴[02 Sep 25 20:30 UTC] No.45108600[source]
SSH does have certificates, but in practice most people using SSH don't use SSH certificates and don't check the fingerprints.

Not sure if we can say it's solved if nobody wants to use it by choice (certificates are probably mostly used in enterprise setups, but in my experience it's not even that common there).

replies(1): >>45109833 #
4. rlpb ◴[02 Sep 25 22:04 UTC] No.45109724[source]
OpenSSH supports DNSSEC-published host key fingerprints.
replies(1): >>45109821 #
5. tptacek ◴[02 Sep 25 22:16 UTC] No.45109821[source]
Leaving off everything else I think about DNSSEC, this is a baffling feature. DNS solves the problem of introducing unrelated counterparties, which is not the SSH host key problem --- people generally don't SSH into hosts they're not somehow affiliated with. This is what CA-based PKIs are made for, and OpenSSH has a good (non-X.509) certificate system already; lots of people use it to get e.g. SSO login for SSH.

Tying authenticity to a global, remote set of authorities is a tradeoff we make for anonymous introductions to random web servers whenever we need them. SSH doesn't have that problem, so the tradeoff gets you... nothing?

replies(1): >>45110328 #
6. tptacek ◴[02 Sep 25 22:17 UTC] No.45109833{3}[source]
If you have a small, stable number of hosts, an SSH PKI doesn't make a lot of sense. With a large fleet, and/or if you want to tie your fleet into an OIDC IdP, certificates are pretty common; the most common way of solving this problem, I think?
replies(1): >>45110542 #
7. rlpb ◴[02 Sep 25 23:13 UTC] No.45110328{3}[source]
> people generally don't SSH into hosts they're not somehow affiliated with

git remote add ... git+ssh://user@github.com/... comes to mind as a counterexample, although I admit there aren't many of these examples and GitHub also supports authenticated https:// with git. GitHub don't publish SSHFP DNS records either it seems, but the feature is there in the client.

8. palata ◴[02 Sep 25 23:40 UTC] No.45110542{4}[source]
I think it's the case in big companies. But most companies are not big :-), which means that a lot of people are using SSH without ever checking the fingerprint. That would be my intuition.
replies(1): >>45110731 #
9. tptacek ◴[03 Sep 25 00:06 UTC] No.45110731{5}[source]
SSH has always relied on key continuity for this problem; you're exposed when you're first introduced to a host (on a particular client) but then fine from that point on.

This of course breaks down with cattle fleets where ~most logins are to hosts you've never hit before, which is why cattle fleets tend to use SSH PKI.

replies(1): >>45113569 #
10. vbezhenar ◴[03 Sep 25 08:06 UTC] No.45113360[source]
When I connect to github using ssh, I must google github page with ssh fingerprint and verify it by hand. Imagine how many people actually do that, instead of blindly accepting the key.

If github can't make it right, nobody can.

11. palata ◴[03 Sep 25 08:47 UTC] No.45113569{6}[source]
Over the years I have seen - repeatedly - colleagues just removing ~/.ssh/known_hosts when SSH showed the warning that says something like "YOU MAY HAVE BEEN HACKED!!!".

I think passkeys resolve that, even though it's more of a human issue than a technical issue :-).