summaryrefslogtreecommitdiff
path: root/website
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-27 19:20:30 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-27 19:20:30 -0400
commitff7e3b593d8fa632d8e997d2d95f5227cc58870c (patch)
tree4c1036732507efa5c7dcdf72d1ffa511707a6a0a /website
parent1c69ed36da034a412ff927d84689e0415382123c (diff)
Enumerated more concerns in "Similar Projects" section
Diffstat (limited to 'website')
-rw-r--r--website/doc.mdwn30
1 files changed, 27 insertions, 3 deletions
diff --git a/website/doc.mdwn b/website/doc.mdwn
index 80eca79..eaeecfd 100644
--- a/website/doc.mdwn
+++ b/website/doc.mdwn
@@ -32,7 +32,7 @@ it, so widespread adoption is important.
[openssh-gpg](http://www.red-bean.com/~nemo/openssh-gpg/) is a patch
against OpenSSH to support OpenPGP certificates. According to its
documentation, it is intended to support [`pgp-sign-rsa` and
-`pgp-sign-dss` public key algorithms, as specified by the
+`pgp-sign-dss` public key algorithms for hosts, as specified by the
IETF](http://tools.ietf.org/html/rfc4253#section-6.6).
Some concerns with `openssh-gpg`:
@@ -41,8 +41,26 @@ Some concerns with `openssh-gpg`:
maintained beyond OpenSSH 3.6p1. As of this writing, OpenSSH is on
version 5.1p1.
+ * It only provides infrastructure in one direction: the user
+ authenticating the host by name. There doesn't seem to be a
+ mechanism for dealing with identifying users by name, or allowing
+ users to globally revoke or update keys.
+
+ * The choice of User ID (`anything goes here (and here!)
+ <ssh@foo.example.net>`) for host keys overlaps with the current use
+ of the User ID space. While it's unlikely that someone actually
+ uses this e-mail address in the web of trust, it would be a nasty
+ collision, as the holder of that key could impersonate the server
+ in question. The monkeysphere uses [User IDs of the form
+ `ssh://foo.example.net`](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ to avoid collisions with existing use.
+
+ * It's not clear that `openssh-gpg` acknowledges or respects the
+ usage flags on the host keys.
+
* It requires patching OpenSSH.
+
### Perspectives OpenSSH client ###
[The Perspectives project](http://www.cs.cmu.edu/~perspectives/) at
@@ -66,6 +84,11 @@ Some concerns with the Perspectives OpenSSH client:
notaries during your verification. Who are the notaries? How
could they be compromised?
+ * It only provides infrastructure in one direction: the user
+ authenticating the host by name. There is no mechanism for dealing
+ with identifying users by name, or allowing users to globally
+ revoke or change keys.
+
* It requires patching OpenSSH
### OpenSSH with X.509v3 certificates ###
@@ -88,7 +111,8 @@ Some concerns about OpenSSH with X.509v3:
Depending on how you declare your trust relationships, OpenPGP is
capable of providing the same hierarchical structure as X.509, but
- it is not limited to it. The Web of Trust model is more flexible
- and more adaptable than X.509.
+ it is not limited to such a structure. The OpenPGP Web of Trust
+ model is more flexible and more adaptable to represent real-world
+ trust than X.509's rigid hierarchy.
* It requires patching OpenSSH.