Re: Proposed: PKI Authentication for secure web access
This is good info. Thanks for your responses. So I guess the problem isn't that the functionality isn't available, but that it's hard to get end users to adopt it. This makes me sad. When I become Emperor, I will require all secure web sites to implement this functionality and the world will be a better place. -rob On Sat, Nov 20, 2010 at 8:59 PM, Sander Temme scte...@apache.org wrote: On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? Because key management is just too freaking hard, and too much of a management and support burden. For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech? S.
Re: Proposed: PKI Authentication for secure web access
lol. In the meantime, it's still useful for implementation in closed organizations where it's easy to enforce client cert policies (and easy to use a CA model) On 21/11/2010 10:11, Rob Lemaster wrote: This is good info. Thanks for your responses. So I guess the problem isn't that the functionality isn't available, but that it's hard to get end users to adopt it. This makes me sad. When I become Emperor, I will require all secure web sites to implement this functionality and the world will be a better place. -rob On Sat, Nov 20, 2010 at 8:59 PM, Sander Temme scte...@apache.org wrote: On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? Because key management is just too freaking hard, and too much of a management and support burden. For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech? S.
Re: Proposed: PKI Authentication for secure web access
You can use self-signed client certs too. You just have to explicitly tell Apache what to trust and what not to trust. You can also use your own in-house CA, if applicable. Issac On 20/11/2010 22:55, Rob Lemaster wrote: Thanks for that explanation Graham! I wasn't thinking in terms of CA-signed certificates like you and Issac pointed out, but more of a PGP-type model, where I could use my own self-signed public/private key pair created in Firefox to authenticate to many web sites. I realize that self-signed certs aren't as secure (from the server's point of view), but I could authenticate and answer pre-assigned secret questions before uploading my public key to confirm my identity before the server accepts it. I'd still be grateful for the additional security of CA-signed certs if my bank and Paypal would use them.. -rob On Sat, Nov 20, 2010 at 12:42 PM, Graham Leggett minf...@sharp.fm wrote: mod_ssl is used solely for https, yes, but the feature you're looking for is built into https by default already. Certificates work symmetrically, both sides have the power to require the other side to present a valid certificate. In the case you might be most familiar with, only one side has a certificate (the server). The other side (the browser) has no certificate. In this scenario, the browser can be sure it is speaking to the right server, because the server presented a signed certificate, but the server has no idea about the browser. Usually, some other authentication mechanism is used to identify the browser, of varying strengths (passwords, etc). In the case you want however, both sides of the connection are configured to require a certificate from the other side. The certificates do the same job as the keys that are exchanged in your SSH configuration, they allow the other side to say yup, I trust you, and that trust works both ways. Unlike an SSH key however, a certificate contains embedded within it details of the person (or thing) that owns the certificate, but these are details as far as the protocol is concerned. Regards, Graham --
Re: Proposed: PKI Authentication for secure web access
On 21 Nov 2010, at 6:59 AM, Sander Temme wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? Because key management is just too freaking hard, and too much of a management and support burden. For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech? In our experience, the hardest part about using certificates is overcoming the perception held by technical people that it's hard to use certificates. Over the last three years, we have rolled out a certificate based infrastructure across a large organisation, with certs for all employees and external suppliers. The basic premise is that usernames and passwords are banned (unless completely unavoidable), and that your certificate gives you whatever access you need. Everything that requires registration of some kind has been configured to auto- register people from details in the certificates, so we have no centralised directory of any kind for people with certificates. Lots of problems evaporated as a result. When the certificate expires, or is revoked, the portcullis comes crashing down and you're locked out everywhere. There are no residual does person X still have access problems. For end users, life is simple. If you need to access something, you simply go there, job done. No login forms, no registration, no asking somebody for access, no forgot your password forms, no obscure username that is annoyingly different to all your other usernames. In our experience, unlike technical people, end users don't know that certificates are supposed to be hard, and so have never known they were supposed to consider certificates a problem. As a result, it's been very successful. Regards, Graham --
Re: Proposed: PKI Authentication for secure web access
On Sunday 21 November 2010, Graham Leggett wrote: In our experience, unlike technical people, end users don't know that certificates are supposed to be hard, and so have never known they were supposed to consider certificates a problem. As a result, it's been very successful. If everything works, ok. But in my experience, a big problem is that browsers' error messages related to client certificates are mostly of the quality Something related to SSL does not work. And this is not limited to MSIE.
Re: Proposed: PKI Authentication for secure web access
Now that's what I'm talking about. Are you guys hiring? On Sun, Nov 21, 2010 at 12:06 PM, Graham Leggett minf...@sharp.fm wrote: In our experience, the hardest part about using certificates is overcoming the perception held by technical people that it's hard to use certificates. Over the last three years, we have rolled out a certificate based infrastructure across a large organisation, with certs for all employees and external suppliers. The basic premise is that usernames and passwords are banned (unless completely unavoidable), and that your certificate gives you whatever access you need. Everything that requires registration of some kind has been configured to auto-register people from details in the certificates, so we have no centralised directory of any kind for people with certificates. Lots of problems evaporated as a result. When the certificate expires, or is revoked, the portcullis comes crashing down and you're locked out everywhere. There are no residual does person X still have access problems. For end users, life is simple. If you need to access something, you simply go there, job done. No login forms, no registration, no asking somebody for access, no forgot your password forms, no obscure username that is annoyingly different to all your other usernames. In our experience, unlike technical people, end users don't know that certificates are supposed to be hard, and so have never known they were supposed to consider certificates a problem. As a result, it's been very successful. Regards, Graham --
Re: Proposed: PKI Authentication for secure web access
Hello Rob, We use SSL Client Certificates extensively here at MIT. They are quite convenient for developers: if you want to plug into the existing campus wide authentication system, just ask for a client cert and you don't need to reimplement any authentication system. Cheers, Edward
Proposed: PKI Authentication for secure web access
I would like to propose an enhancement to the Apache web server for secure authentication. If this is the wrong list, pls. reply with the correct list and I will post it there. SSH allows a user to create a public/private key pair and use that for authentication. This is much more secure than simply using passwords and adds the ability to add 'something you have' for multi-factor authentication. I propose that the same functionality would be enabled for web authentication. This functionality would require support on the server and in the client browser. The server would need to have the ability to store and recognize a public keys for authentication. The client browser would need to have the ability to create public/private keys and store them securely. It would also need to have the ability to copy the keys to other computers (home/work) or store them on a USB thumb drive for remote access. This functionality would be used primarily for web sites that require secure authentication, such as banks, Ebay, and Paypal. Do you think this is a good idea?
Re: Proposed: PKI Authentication for secure web access
Been there, done that: http://wiki.buanzo.org (enigform and mod_openpgp) Not x509, though. On 11/20/10, Rob Lemaster rklemas...@gmail.com wrote: I would like to propose an enhancement to the Apache web server for secure authentication. If this is the wrong list, pls. reply with the correct list and I will post it there. SSH allows a user to create a public/private key pair and use that for authentication. This is much more secure than simply using passwords and adds the ability to add 'something you have' for multi-factor authentication. I propose that the same functionality would be enabled for web authentication. This functionality would require support on the server and in the client browser. The server would need to have the ability to store and recognize a public keys for authentication. The client browser would need to have the ability to create public/private keys and store them securely. It would also need to have the ability to copy the keys to other computers (home/work) or store them on a USB thumb drive for remote access. This functionality would be used primarily for web sites that require secure authentication, such as banks, Ebay, and Paypal. Do you think this is a good idea?
Re: Proposed: PKI Authentication for secure web access
On 20 Nov 2010, at 10:27 AM, Rob Lemaster wrote: SSH allows a user to create a public/private key pair and use that for authentication. This is much more secure than simply using passwords and adds the ability to add 'something you have' for multi-factor authentication. I propose that the same functionality would be enabled for web authentication. This functionality would require support on the server and in the client browser. The server would need to have the ability to store and recognize a public keys for authentication. The client browser would need to have the ability to create public/private keys and store them securely. It would also need to have the ability to copy the keys to other computers (home/work) or store them on a USB thumb drive for remote access. This functionality would be used primarily for web sites that require secure authentication, such as banks, Ebay, and Paypal. Do you think this is a good idea? Is there anything here that isn't already done by X509 client certificates, as offered by mod_ssl? Regards, Graham --
Re: Proposed: PKI Authentication for secure web access
Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I would like to use PKI for user authentication like you can in SSH on top of the encryption provided by HTTPS. The most secure option I see available for web authentication currently is OTP tokens (RSA,etc) that only work on one web site. thanks, -rob On Sat, Nov 20, 2010 at 5:37 AM, Graham Leggett minf...@sharp.fm wrote: Is there anything here that isn't already done by X509 client certificates, as offered by mod_ssl? Regards, Graham
Re: Proposed: PKI Authentication for secure web access
On 20/11/2010 22:19, Rob Lemaster wrote: Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I would like to use PKI for user authentication like you can in SSH on top of the encryption provided by HTTPS. The most secure option I see available for web authentication currently is OTP tokens (RSA,etc) that only work on one web site. thanks, -rob Nope, you have full x509 based authentication out-of-the-box. See http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients Issac
Re: Proposed: PKI Authentication for secure web access
Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand mar...@beamartyr.net wrote: Nope, you have full x509 based authentication out-of-the-box. See http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients Issac
Re: Proposed: PKI Authentication for secure web access
On 20 Nov 2010, at 10:19 PM, Rob Lemaster wrote: Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I would like to use PKI for user authentication like you can in SSH on top of the encryption provided by HTTPS. The most secure option I see available for web authentication currently is OTP tokens (RSA,etc) that only work on one web site. mod_ssl is used solely for https, yes, but the feature you're looking for is built into https by default already. Certificates work symmetrically, both sides have the power to require the other side to present a valid certificate. In the case you might be most familiar with, only one side has a certificate (the server). The other side (the browser) has no certificate. In this scenario, the browser can be sure it is speaking to the right server, because the server presented a signed certificate, but the server has no idea about the browser. Usually, some other authentication mechanism is used to identify the browser, of varying strengths (passwords, etc). In the case you want however, both sides of the connection are configured to require a certificate from the other side. The certificates do the same job as the keys that are exchanged in your SSH configuration, they allow the other side to say yup, I trust you, and that trust works both ways. Unlike an SSH key however, a certificate contains embedded within it details of the person (or thing) that owns the certificate, but these are details as far as the protocol is concerned. Regards, Graham --
Re: Proposed: PKI Authentication for secure web access
Thanks for that explanation Graham! I wasn't thinking in terms of CA-signed certificates like you and Issac pointed out, but more of a PGP-type model, where I could use my own self-signed public/private key pair created in Firefox to authenticate to many web sites. I realize that self-signed certs aren't as secure (from the server's point of view), but I could authenticate and answer pre-assigned secret questions before uploading my public key to confirm my identity before the server accepts it. I'd still be grateful for the additional security of CA-signed certs if my bank and Paypal would use them.. -rob On Sat, Nov 20, 2010 at 12:42 PM, Graham Leggett minf...@sharp.fm wrote: mod_ssl is used solely for https, yes, but the feature you're looking for is built into https by default already. Certificates work symmetrically, both sides have the power to require the other side to present a valid certificate. In the case you might be most familiar with, only one side has a certificate (the server). The other side (the browser) has no certificate. In this scenario, the browser can be sure it is speaking to the right server, because the server presented a signed certificate, but the server has no idea about the browser. Usually, some other authentication mechanism is used to identify the browser, of varying strengths (passwords, etc). In the case you want however, both sides of the connection are configured to require a certificate from the other side. The certificates do the same job as the keys that are exchanged in your SSH configuration, they allow the other side to say yup, I trust you, and that trust works both ways. Unlike an SSH key however, a certificate contains embedded within it details of the person (or thing) that owns the certificate, but these are details as far as the protocol is concerned. Regards, Graham --
Re: Proposed: PKI Authentication for secure web access
On 11/20/2010 2:39 PM, Rob Lemaster wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstandmar...@beamartyr.net wrote: Nope, you have full x509 based authentication out-of-the-box. See http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients Issac For those who have a real security need to authenticate their clients in this way, and are willing to accept the hassles of this method, it is definitely used. However, the idea that a bank or paypal would issue certificates for each of its end users can get cumbersome very fast. See, the private key would be managed by the user. Users (and even some server administrators) are terribly poor at managing their private keys in a safe and secure fashion. Some potential complications are a user switching browsers, a user switching computers, a user's key becoming compromised, loss of the key, etc... On top of that, the signing institution would need to be able to keep track of certificates it should no longer accept via CRL's and have infrastructure ready to verify the cert is still valid. Essentially, the logistics of getting END USERS to generate a key of appropriate size (and getting them to keep it safe), send a CSR, sign and return a certificate to them as well as the unavoidable technical support involved makes this an unattractive option to large institutions because the average Internet denizen isn't expected to know how to do this stuff The Right Way. P.S. IMHO, this conversation applies to PKI, X509 client authentication and even password authentication... all of these mechanisms boil down to the fact that there is some entity that knows who the user is and that your server will have to take a leap of faith at some point to trust that the user sitting at the keyboard is who they say they are. -- Daniel Ruggeri
Re: Proposed: PKI Authentication for secure web access
I understand your skepticism, but I am not advocating a complex CA infrastructure and I have more faith in end users (possibly misplaced). IMHO, it is reasonable for users to take that extra step for their banking site or SSL-VPN. It's really not that big a deal to generate a key pair in PuTTY, I can't imagine it would be that hard in Firefox. The question about whether it will be immediately and enthusiastically adopted by end users on their Facebook site is not the point. A bank or Paypal does not need to issue certificates. In fact, I believe that self-signed keys like in the PGP model would be more appropriate, because that key pair could be used for multiple sites. A single key pair could be used in different browsers and computers, and if they are lost, a new key pair could be generated and the old pair revoked by the user just like in PGP. With self-signed keys, you don't need to deal with CAs, CRLs, etc., which I agree would be too burdensome. Generating a key pair for SSH is pretty trivial, and using a wizard in Firefox would simplify it enough to be accessible to just about anyone. Yes, authentication boils down to trust. This is the advantage of using multi-factor authentication. You would then have something you know (username and password) and something you have (private key). This is required in the newer PCI HIPAA requirements as well. On Sat, Nov 20, 2010 at 1:57 PM, Daniel Ruggeri drugg...@primary.net wrote: For those who have a real security need to authenticate their clients in this way, and are willing to accept the hassles of this method, it is definitely used. However, the idea that a bank or paypal would issue certificates for each of its end users can get cumbersome very fast. See, the private key would be managed by the user. Users (and even some server administrators) are terribly poor at managing their private keys in a safe and secure fashion. Some potential complications are a user switching browsers, a user switching computers, a user's key becoming compromised, loss of the key, etc... On top of that, the signing institution would need to be able to keep track of certificates it should no longer accept via CRL's and have infrastructure ready to verify the cert is still valid. Essentially, the logistics of getting END USERS to generate a key of appropriate size (and getting them to keep it safe), send a CSR, sign and return a certificate to them as well as the unavoidable technical support involved makes this an unattractive option to large institutions because the average Internet denizen isn't expected to know how to do this stuff The Right Way. P.S. IMHO, this conversation applies to PKI, X509 client authentication and even password authentication... all of these mechanisms boil down to the fact that there is some entity that knows who the user is and that your server will have to take a leap of faith at some point to trust that the user sitting at the keyboard is who they say they are. -- Daniel Ruggeri
Re: Proposed: PKI Authentication for secure web access
On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? Because key management is just too freaking hard, and too much of a management and support burden. For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech? S. On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand mar...@beamartyr.net wrote: Nope, you have full x509 based authentication out-of-the-box. See http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients Issac -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme