It's more or less a work around the problem of initially trusting a key, by using SSHFP records to verify that the server keys are validated by the domain, with DNSSEC validating the whole thing.
When you can match server keys to domains and user keys to github users, you are just one link away from having a global picture of the web of trust.
EDIT: and I wonder how feasible it would be to do just that with a sniff of the initial handshake
> because that’s the easiest to create a unique key for GitHub
And how many people do you think have done that, instead of uploading the keys of the servers/laptops/etc. they use?
I hate to say this, but Bitcoin did it right: by having a discardable private+public pair of keys derived from a seed key, it prevents leaks of information by correlation based on the public key.
Thanks for posting this — it’s super-interesting. It seems as though it’s more about authenticating the server rather than the user, unless I read it wrong?
The setup process looks a bit crazy, so I’m hoping it’s gotten easier since 2014? I would love to test it out, but life is too short for the process they’ve outlined...
> It seems as though it’s more about authenticating the server rather than the user, unless I read it wrong?
You are correct.
> The setup process looks a bit crazy, so I’m hoping it’s gotten easier since 2014?
I don't think I used that in uni, so I can't tell you how complicated it was. It's just a nice didactic article that I found explained all the details.
In practice in 2021, you run a sshfp script on the server, and publish the output of the script on your DNS by adding a key.
If you use scripted DNS, it's a one step process, if not, a 2 step process.
> And how many people do you think have done that, instead of uploading the keys of the servers/laptops/etc. they use?
Equally they might use the same user name as on other services, thus making them traceable.
Ultimately if you care about privacy then it’s up to you, the individual, not to share that information or to provide anonymous information yourself.
Sharing identifiable information and then blaming the company you shared it with is like blaming the horse for bolting after you’ve intentionally left the barn door open. Sure it should be that way but ultimately it’s your own responsibility to keep your stuff safe.
I’d agree with your point more if you were advocating that documentation should be more explicit. Ie helping educate users into making smarter choices.
I disagree. The article points to simplifications that SSH did compared to GPG, like no web of trust.
But there's now something very close to one, a bit hidden though: SSHFP + DNSSEC
I think a lot of people here may not be familiar with SSHFP records, so check https://fanf.livejournal.com/130577.html for a more detailed explanation.
It's more or less a work around the problem of initially trusting a key, by using SSHFP records to verify that the server keys are validated by the domain, with DNSSEC validating the whole thing.
When you can match server keys to domains and user keys to github users, you are just one link away from having a global picture of the web of trust.
EDIT: and I wonder how feasible it would be to do just that with a sniff of the initial handshake
> because that’s the easiest to create a unique key for GitHub
And how many people do you think have done that, instead of uploading the keys of the servers/laptops/etc. they use?
I hate to say this, but Bitcoin did it right: by having a discardable private+public pair of keys derived from a seed key, it prevents leaks of information by correlation based on the public key.