Christophe would like me to clarify why I feel you should distrust your Belgian eID card. Is "blogging" the new Usenet? This interaction feels a bit like "letters to the editor".
That aside, however.
I have no particular problem with the eID being a smartcard. The fact that most "variable" data about my identity is stored on a chip rather than printed on the card is probably even an improvement. No need to get a new card issued when moving, for instance. Unlike the old card, it's also a standard size and it fits in my wallet.
My problem is that the certificates can't be trusted.
It is unacceptable that the keys have been generated by someone other than me. This basically cripples the foundations of PKI from the get-go. But this is only the tip of the iceberg.
Of particular interest in Christophe's post is this:
Knowing that the government can create their own certificates (you do thrust [sic] them as a CA) they can easily generate new certificates that contain 'valid' data. There is no need to keep the private keys of the population to perform identity hijacking.
Why on earth would I trust the government's CA? Even if I happen to trust the CA, why would I trust the certificates signed by it?
Aside: I don't consider the fact that the government has innumerable ways of impersonating me to be a valid excuse for handing them yet another way.
The key point is "trust": a certificate does not automatically become "trusted" just because a CA has signed it.
Remember the role of a CA in the PKI model: the CA verifies that the entity controlling the private key of a certificate matches the owner of that certificate. Control over the private key is the critical point. In addition to verifying the ownership of the certificate, the CA should really also verify the owner's crypto-hygiene. Since that is not possible, a CA signature alone does not make a certificate trusted.
When you "trust" a CA, you trust it to verify the owner. Unless you also trust the private key to only be under the control of the owner, you still can't trust the certificate.
What then is the point of a CA? It saves you from the tedious and potentially time-consuming task of verifying the identity of the certificate owner. You should still verify that the owner can be trusted. If the owner prints his private key in the morning paper, can you trust his certificate?
You might trust the Belgian government to verify ownership of the certificate, but you know you can't trust it to verify control over the keys. This makes the certificates worthless.
The authentication key can't be trusted to authenticate against a system because you did not generate it and you don't know how many copies of the private key are in circulation. Anyone with control over the private key can authenticate as you on any system you configure to trust the public key.
The signature key is even worse because the law requires people to trust it. Think about that for a moment. Anyone with control over the private key you didn't generate can enter into legally binding contracts pretending to be you and legally, the people they are entering into these contracts with have to accept that they are you, even if they know that the certificate cannot be trusted because the private key is suspect.
The fact that nobody ever checks CRLs makes these "third-party generated keys" even more problematic. If the machines which generate the keys are compromised, someone can generate and sign a certificate purporting to be me of which I'm not even aware and use it to sign legally-binding contracts as me. And even people who know better than to trust a certificate only on the say-so of a CA signature are legally required to accept this signature as being made by me.
That is why it is not enough to simply get your key revoked -- you should keep proof that you have revoked your keys. It will still be a serious pain in the ass to prove that the signature was not made by you, but your empty smart card and the piece of paper at least allow you to retain some form of control over your identity.
PKI systems only work if the private key is secure. Certification authorities don't tell you that a certificate can be trusted, they only tell you that the certification authority believes that the certificate is owned by the entity named on it.
I find it incredibly scary that the law equates the presence of a CA signature with a trustworthy certificate. Which brings me rather neatly to another rant-worthy subject: "EV certificates" being "trusted" by web browsers.
When a website presents you with an "EV certificate", it will turn the address bar green and claim the certificate can really be trusted. This is total madness. The only difference between an "EV certificate" and a "normal" one is the price and the level of identity verification undertaken by the CA. I have yet to encounter the first CA which verifies the private key hygiene of applicants.
Users are sheep. They will see the green bar and say "ah, trusted"! The fact that they may be trusting someone who had an unencrypted copy of his private key on a USB stick he forgot on the train yesterday is a minor irrelevant detail. Nothing to worry about.
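To make the distinction between "the CA signed it" and "the key is under the owner's control" concrete, here is an added example (mine, not Philip's, and nothing from the eID scheme or any real CA): a toy CA in Go, standard library only (Go 1.19 or newer, for the CRL parsing), which generates Alice's key pair itself, issues her a certificate, and then shows three things. The chain verifies. A signature made with any copy of that key verifies against the certificate, so a relying party cannot tell Alice from whoever kept a copy. And after the CA publishes a CRL, the chain check still passes, because chain verification does not read CRLs unless someone explicitly does so. The names, serial numbers and the contract text are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Demo bundles a constructed toy CA, the certificate it issued to "Alice" and the
// private key that the CA (not Alice) generated for her.
type Demo struct {
	CA, Leaf       *x509.Certificate
	CAKey, LeafKey ed25519.PrivateKey
}

func check(err error) { if err != nil { panic(err) } }

// mustCert parses the DER that x509.CreateCertificate returns.
func mustCert(der []byte, err error) *x509.Certificate {
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

// NewDemo builds the CA and issues Alice's certificate; all names are made up.
func NewDemo() *Demo {
	now := time.Now()
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Toy Government CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, SubjectKeyId: []byte{1, 2, 3, 4},
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := mustCert(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey))
	// The CA generates Alice's key pair: exactly the eID arrangement objected to above.
	leafPub, leafKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Alice"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leaf := mustCert(x509.CreateCertificate(rand.Reader, leafTmpl, ca, leafPub, caKey))
	return &Demo{CA: ca, Leaf: leaf, CAKey: caKey, LeafKey: leafKey}
}

// ChainValid is all a relying party learns from the CA signature: the CA vouched for
// the name-to-key binding. It says nothing about who else holds the key, and this
// chain check, like most, never consults a CRL.
func (d *Demo) ChainValid() bool {
	roots := x509.NewCertPool()
	roots.AddCert(d.CA)
	_, err := d.Leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// SignatureVerifies checks sig against the public key in Alice's certificate. The
// signature may have been made by anyone holding a copy of the private key.
func (d *Demo) SignatureVerifies(msg, sig []byte) bool {
	return ed25519.Verify(d.Leaf.PublicKey.(ed25519.PublicKey), msg, sig)
}

// RevokeLeaf has the CA publish a CRL listing Alice's certificate.
func (d *Demo) RevokeLeaf() []byte {
	tmpl := &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: d.Leaf.SerialNumber, RevocationTime: time.Now()}},
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, d.CA, d.CAKey)
	check(err)
	return der
}

// RevokedByCRL does what ChainValid does not: it reads the CRL and looks for the serial.
func (d *Demo) RevokedByCRL(crlDER []byte) bool {
	rl, err := x509.ParseRevocationList(crlDER)
	check(err)
	check(rl.CheckSignatureFrom(d.CA))
	for _, e := range rl.RevokedCertificates {
		if e.SerialNumber.Cmp(d.Leaf.SerialNumber) == 0 {
			return true
		}
	}
	return false
}

func main() {
	d := NewDemo()
	msg := []byte("I, Alice, agree to buy this house.")
	sig := ed25519.Sign(d.LeafKey, msg) // whoever kept a copy of the key can do exactly this
	fmt.Println("chain:", d.ChainValid(), "signature:", d.SignatureVerifies(msg, sig), "on CRL:", d.RevokedByCRL(d.RevokeLeaf()))
}
```

Run it and all three print true: the chain is fine, the signature is fine, and the certificate is revoked, all at once. Nothing in the first two checks ever tells you about the third, which is the whole point of the post above.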
Generate your own keys. And don't trust certificates whose keys you don't trust. Actually, just trust nobody.
It took a while, but registration for EuroBSDCon 2008 is now open!
As usual, there are many interesting talks and tutorials. Life was again "interesting" for the program committee!
For FreeBSD developers, there will be the usual by-invitation developer summit two days before the conference.
I would like to note that this will be the first non-FOSDEM conference I'm attending this year with only marginal impact on my carbon footprint.
I'm taking the train!
Wouter blogs about how you can SSH with your Belgian eID card.
Unfortunately, he fails to mention that this is a very bad idea because the cards cannot be trusted.
The private key on the card has been generated by an entity that is not you and which you cannot trust for this purpose. You cannot be reasonably sure that no clandestine unencrypted copies of your private key exist under government control or under the control of a disgruntled government employee or contractor.
Rule #1 of healthy use of cryptography: generate your own keys. Trust nobody.
Do you really want to allow the government to ssh to your machine? Or the disgruntled government employee who, incidentally, can already impersonate you to buy a house?
If the system generating the private keys is compromised in any way, any users of the cards are fucked (to put it mildly). Your private key is "you" in a number of ways that matter quite a lot.
What about certificate revocation lists (CRLs)? I hear you cry.
Rule #2 of healthy use of cryptography: nobody ever checks CRLs. To rely on them is foolish.
Wouter's example demonstrates this rather nicely: the public key is copied to the authorized_keys file on the server directly. No CRL will ever be checked. An entry in a revocation list which is never checked will not prevent the compromised key from being used to authenticate against the system.
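As an added illustration (my code, not Wouter's and not the eID project's), this Go program parses an authorized_keys file and a list of revoked public keys and reports which keys sshd would still accept. Current OpenSSH can do this matching itself through the RevokedKeys option in sshd_config, which takes a file of plain public keys or a KRL built with ssh-keygen -k; without that or something like it, a key on a revocation list elsewhere is still a perfectly good login key. The key lines below are constructed from fixed 32-byte values so the program runs offline; they are not real keys and will not authenticate anywhere.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// Key is one parsed authorized_keys (or RevokedKeys) entry.
type Key struct {
	Type    string
	Blob    []byte // raw wire-format public key, as decoded from the base64 field
	Comment string
}

// ParseAuthorizedKeys handles the common "<type> <base64> [comment]" form; blank
// lines and '#' comments are skipped. Option prefixes (from="...", command=...)
// are not handled, so a line starting with one will be rejected as bad base64.
func ParseAuthorizedKeys(text string) ([]Key, error) {
	var keys []Key
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Fields(line)
		if len(f) < 2 {
			return nil, fmt.Errorf("malformed line: %q", line)
		}
		blob, err := base64.StdEncoding.DecodeString(f[1])
		if err != nil {
			return nil, fmt.Errorf("bad base64 on line %q: %v", line, err)
		}
		k := Key{Type: f[0], Blob: blob}
		if len(f) > 2 {
			k.Comment = strings.Join(f[2:], " ")
		}
		keys = append(keys, k)
	}
	return keys, sc.Err()
}

// Fingerprint renders the OpenSSH-style SHA256 fingerprint of a key blob.
func Fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// StillAccepted returns the comments of the authorized keys that are not in the
// revoked list. Matching is on the key blob itself, which is what a RevokedKeys
// file of plain public keys matches on; types and comments are ignored.
func StillAccepted(authorized, revoked []Key) []string {
	rev := make(map[string]bool, len(revoked))
	for _, k := range revoked {
		rev[string(k.Blob)] = true
	}
	var ok []string
	for _, k := range authorized {
		if !rev[string(k.Blob)] {
			ok = append(ok, k.Comment)
		}
	}
	return ok
}

// sshString appends an SSH wire-format string (uint32 length, then the bytes).
func sshString(dst, s []byte) []byte {
	var l [4]byte
	binary.BigEndian.PutUint32(l[:], uint32(len(s)))
	return append(append(dst, l[:]...), s...)
}

// fakeEd25519Line builds a syntactically valid ssh-ed25519 entry around a constructed
// 32-byte value. It is not a real key; it only exercises the parser and the matching.
func fakeEd25519Line(fill byte, comment string) string {
	pub := make([]byte, 32)
	for i := range pub {
		pub[i] = fill
	}
	blob := sshString(sshString(nil, []byte("ssh-ed25519")), pub)
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// Constructed sample files: three authorized keys, the second of which is also revoked.
var SampleAuthorizedKeys = strings.Join([]string{
	"# public keys copied straight off the cards, as in the SSH-with-eID recipe",
	fakeEd25519Line(0x01, "alice@eid"),
	fakeEd25519Line(0x02, "bob@eid"),
	fakeEd25519Line(0x03, "carol@laptop"),
}, "\n")

var SampleRevokedKeys = fakeEd25519Line(0x02, "bob@eid revoked")

// Audit reports which keys in authorized_keys sshd would still accept once the
// revoked list is applied. Without such a list, every key is accepted forever.
func Audit(authText, revokedText string) ([]string, error) {
	auth, err := ParseAuthorizedKeys(authText)
	if err != nil {
		return nil, err
	}
	rev, err := ParseAuthorizedKeys(revokedText)
	if err != nil {
		return nil, err
	}
	return StillAccepted(auth, rev), nil
}

func main() {
	auth, _ := ParseAuthorizedKeys(SampleAuthorizedKeys)
	for _, k := range auth {
		fmt.Printf("%-14s %s\n", k.Comment, Fingerprint(k.Blob))
	}
	ok, _ := Audit(SampleAuthorizedKeys, SampleRevokedKeys)
	fmt.Println("still accepted:", ok)
}
```

Swap the constructed lines for a real authorized_keys and a real list of revoked keys and the output is the set of keys that will keep working until somebody removes them by hand. Feeding the same list to sshd's RevokedKeys option is the way to make the server itself refuse them.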
If any of the above scares you (which it should) I highly recommend you get the certificates on your eID revoked. Preferably, you should revoke the certificates as soon as you go to collect your eID.
Of course, revocation does not protect you against clandestine copies of the private key. Make sure you get the authority you ask to revoke your keys to sign a dated piece of paper so you can prove this later if a clandestine copy of your key is used to impersonate you.
Am I being paranoid?
Yes!
Why?
How do you feel about your "identity" being replaced by a private key which you did not generate and which you don't control? I find it incredibly scary.
keramida blogs about his patience with [Microsoft] Windows users. The situation is very familiar to me. As I (and another commenter) commented, this kind of conversation is nasty:
And it's all downhill from there. How do you wiggle yourself out of this sort of conversation without being rude?
You could just sigh audibly, take their laptop and pointyclick around until somehow you "fix" their problem by accident. When they ask how you did it, you'll have no idea and they'll gush that you're a wizard and tell all their friends about you, etc. And then the friends pile their laptops on you as well.
Alternatively, you could maintain that you know nothing about it (which you don't -- it's a Microsoft system, it's beyond learning for anyone who knows how operating systems work) and they'll look at you with a confused look and think that you're just being unhelpful.
Is there any good way out of this kind of situation? (Short of having your frontal lobes removed and learning about how Microsoft garbage (supposedly) "works" and spending the rest of your life drooling over the keyboard as you click your way towards oblivion?)
I like computers. I like writing software. I don't want to be mistaken for an unhelpful elitist who won't help poor helpless souls with their Microsoft problems. On the other hand, I want to continue to like computers and writing software, which means staying as far away from no-fun braindead clickware as possible.
A penny for your thoughts, not adjusted for inflation to 2008 prices.
Apologies to my English-speaking readers. This rant just works better in Dutch. A beer to anyone who can come up with a good translation of azijnpisser however.
I do not wish to be associated with the gang of squabbling children who have been paralysing the country and holding it hostage for more than a year. I did not choose my place of birth -- I cannot help that it lies in a region populated by that sort of pathetic souls.
Yet another newspaper filled with the moaning of a number of professional azijnpissers who would rather play the schemer and be part of the problem than contribute constructively to negotiated solutions. You'll find more mature behaviour in a kindergarten. And that lot wants to be independent.
Away with the regions. They should busy themselves with making Europe somewhat more democratic, so that all that superfluous complexity of countries and especially regions can be cleared away.
Simplification is the message.
A couple of days ago, Awesome 3 was released. I've been using Awesome since Holger pointed it out to me at 24C3 last year (full story). I'm using 2.3 now and I'm very happy with it.
I'm a bit dubious about "upgrading" to version 3. Among the features it lists is transparency. I've never understood why people want this. How can you get any work done in a window when something behind it is distracting you? From the screenshots, it's clear to me that this is a feature used by people who don't actually do any work in the transparent windows.
Notice that they always make their xterms transparent but never their web browser or their "word processor".
Ignoring for the moment that it's not actually possible to do anything useful with a "word processor" (productive people use LaTeX), people installing software like that do spend a lot of time staring at it. Same goes for a web browser. Useful for looking things up, but you can't actually get any work done in it. Yet some people think they can.
Pretty much the only application I use other than Mozilla Firefox lives in a terminal. Most other programmers I know have similar working environments.
Why then does so much code get written to make terminals transparent? And by extension to make fonts fuzzy? The things that are made transparent are not used by the people who make them transparent and the people who do use them have to waste a lot of time turning the damn transparency off and making the fonts readable again.
Again I wonder how "normal people" use computers.
I've worn contact lenses for most of my 'conscious' existence. Bad genes (thanks dad...) and wear and tear are forcing me into glasses now. Not something that makes me happy. Glasses are not compatible with the hyperactive mind. They can get lost, they can get forgotten and they can get mangled. When any of those things happen, I see nothing.
Disaster is imminent.
Not being used to glasses, it feels as if I'm stoned out of my mind whenever I try to walk more than a couple of metres while watching where I'm going. I hope this will get better after a while. Biking to work tomorrow should be a bundle of laughs.
Refreshing to be able to see with both of my eyes though.
Watch this space?
For various reasons, I had to renumber the machine this blog (and a number of other things) run on. A pain, of course, but FreeBSD makes it fairly easy.
First, I shut down all the jails using /etc/rc.d/jail stop. I probably could have renumbered the jails too, but it was easier just to restart them.
I removed all IP addresses except for the one I was talking to, and added the new addresses:
# ifconfig hme0 89.106.240.243 -alias
# ifconfig hme0 89.106.240.244 -alias
# ...
# ifconfig hme0 alias 89.106.240.146/28
# ifconfig hme0 alias 89.106.240.147/32
# ifconfig hme0 alias 89.106.240.148/32
# ...
I also put the new configuration in /etc/rc.conf so things will keep working after the next reboot.
After verifying that I could ping the new addresses from the outside (ie: that the router behaved as expected), I used a trivial little script to fix the routing table:
#!/bin/sh
# drop the old default route, remove the old primary address, route via the new gateway
route delete default
ifconfig hme0 89.106.240.242 -alias
route add default 89.106.240.145
# insurance: reboot in ten minutes unless cancelled
shutdown -r +10
The shutdown -r +10 is just for insurance. :-)
Of course, it just worked!
Then it was just a matter of updating DNS and restarting some services which were bound to the old address only instead of INADDR_ANY.
Unix rules!
My Heathrow experience yesterday went from bad to worse. Turned out my flight was delayed too.
I've come to realize that the full Heathrow experience is a lot like the full English breakfast: too much for most people and each individual ingredient has been chosen for maximum tastelessness and its ability to offend.
Next Heathrow dance: 14 November. I'm looking forward to it already! Not! Luckily, I'm flying home through Frankfurt on the 24th.
Back to work tomorrow.
Jetlag sucks. Yikes.
13:39 BST
Grrr. I'll rate this Heathrow experience as -8. (For what it's worth, I don't think I've ever had a Heathrow experience more pleasant than -2). I was very happy this morning to learn that my flight from Vancouver would land about an hour before it was scheduled. That would have allowed me to comfortably make my 12:35 connection to Brussels and get home.
Unfortunately, this is Heathrow.
We spent a significant amount of time circling and then sitting around on the tarmac. Of course I missed the 12:35 flight. So now I'm stuck here until 16:20. Gaaargh!
I hate this airport. Why doesn't anything sensible fly direct from Brussels? Or why can't I get decent flights through Frankfurt or other sane airports?
Grumpy and unpleasant.
16:25 PDT
Very impressive! I'm waiting for my flight at YVR and I found there's a YVR_PUBLIC access point that gives me free TCP connectivity to the world. It even runs my IPv6 tunnel without complaint. I don't think I've seen this at many airports. Usually I have to make do with UDP or other tricks.
I should come to this airport more often.
Still doesn't make leaving Canada more fun though...
14:07 PDT
I've packed my bag and I'm now killing some time before I call a taxi to the airport.
Earth is not a small planet. It is now around 14:00 on Friday. I don't get home until 18:30 on Saturday. Somehow, I lose nine hours of time difference along the way too.
I am not looking forward to the flight. I called Air Canada earlier today to remind them that "vegetarian" does not mean the same as "vegan", so hopefully the food will be slightly less bland. I'm not holding great hopes though.
More blogging will follow either at YVR or at LHR.
16:56 PDT
I spent some time this afternoon booking my flights to meetBSD and the FreeBSD 15th anniversary party in California in November. Since I refuse to cross oceans for a weekend, I'm tagging on a customer visit in Boston while I'm "there" (values of "there" adjusted to the size of the country).
United has a very funny idea about "userfriendly". The process of selecting flights and times was remarkably painless. Entering my SAS EuroBonus number was a bit strange though. I'm flying three airlines (BMI, United and Lufthansa) and they provided three boxes for a number and three dropdowns to say where the number comes from.
So I choose SAS three times and enter my number three times. Error "number may not be the same". Gaah! So now I wonder if I'll get all the miles or only the subset I'm flying on BMI (which was the first box). That'll be fun to watch again.
Finally having jumped through all the hoops of entering my details (phone numbers can't have plusses, sigh) I want to enter my billing address. But there's nowhere to choose the country! Turns out that I had to book on the Belgian website - which appears to run on the same server as united.com.
Of course, none of my details were remembered, so I had to jump through all the hoops again. Damn and blast it!
When will "web developers" ever learn? I'm sure there were AS/400 interfaces friendlier than the web! This is madness.
14:59 PDT
In the news today (yes yes, I'm running behind, I'm on holiday you know) this fascinating report of a girl who killed herself because she was afraid the LHC would destroy the world.
Life would be so much easier for the scientists trying to do good work with the LHC if other fear-mongerers and religious fanatics would follow that example instead of trying to interfere with things they don't want to understand.
Not that I'm advocating a Hale-Bopp-style mass suicide event in any way though.
Leave science alone. Let CERN and friends get on with their task of trying to understand the universe.
14:36 PDT
As usual, I nearly forgot about postcards again. How very typical of me. No fear though - bought cards and stamps this morning. Now I just need to walk past a postbox with my brain switched on and the cards on me and the usual suspects will get to enjoy deciphering my hideous handwriting again.
I wrote them at a table this time. Not in a moving train. That might improve matters slightly.
sigh I don't really want to go home tomorrow.
17:44 PDT
I met a very impressive Starbucks-girl today. Not only did she not try to mumble her way out of getting me a random muffin (they're really not trained for that, you know -- it's extremely difficult to be surprised at coffeeshops in Canada), she also recognized the xkcd tshirt I was wearing.
Very impressive.
She didn't feel like being smuggled in my suitcase to Belgium. I bet she'd have considered teleportation!
That is how you earn a tip girls. Study geek culture!
It also solved the question of where to have breakfast tomorrow morning. The pumpkin muffin was very tasty too.
15:35 PDT
Off for a walk in Chinatown today. Couldn't resist the sushi-temptation. I'm not a great fan of cooked fish, but I could eat the raw stuff three times a day every day. Well, not quite. Almost.
Amazingly cheap sushi: $12 for 22 pieces of sushi - mainly rice and not much else but still scrumptious - and 8 pieces of sashimi. That's not very much money at all. And there's not much cheating on sashimi you can get away with...
Excellent stuff.
00:01 PDT
A couple of years ago, my English somehow picked up a Scots burr (or brogue, if you prefer) and I've never quite been able to rid myself of it. I'm not entirely convinced that's a bad thing though. I'm told Canadians rather like Scots.
This evening, I had a couple of beers with two very nice Scottish girls who are travelling around the world and I fear the accent only got worse (or is that "better"?). It's very contagious!
Particularly words like "where" are totally out in the Highlands now.
We're all doomed, doooooomed I tell you!
The Sikhs in Heathrow on Saturday may be able to help me though. I have six hours of immersion to look forward to. Another day wasted at LHR. Story of my life. I should write a book about it.
Monday at work may be amusing. Don't make me speak English!
Mmm, I wonder if I remember how Dutch works? Or French, for that matter.
Language is a funny thing. Certainly if you have a tendency to pick up strong accents. I should try to meet some South Africans. Or New Zealanders. Perhaps not Yorkshiremen though... :-)
10:29 PDT
North America is a funny place. I think I've mentioned that before. The laws concerning "age limits" confuse me to no end. Children are allowed to drive cars when they're sixteen. That means that they're allowed to operate some of the most dangerous machinery invented by mankind, fueled by some of the most explosive and poisonous substances to be found on earth.
For some reason however, people are not allowed a single beer until they're nineteen (here in BC) or even older in some places.
I'm sure this makes sense to someone. I can see a number of problems with this arrangement though.
Oh well.
Reason I mention this is that we explored the local pub life last night, and there are actually people outside the pubs to verify that all patrons are sufficiently rich in years.
I don't know why this event was called a "pub crawl" though. I can't imagine drinking enough (mass-produced) Canadian beer to make me crawl. And it's like the German stuff too - makes your bladder burst long before you get anywhere near crawling.
Some people tried though. I notice they're not around for breakfast. Mmhmm.
15:16 PDT
I don't like laundry day. Probably the most boring aspect of human existence. Loading clothes into the machine, discovering that it's the wrong machine, moving them to the right machine, waiting for an inconvenient length of time, etc, etc. Yawn.
Yesterday and today, I've been walking around Vancouver some. It feels like a couple of cities rolled into one. Very interesting. I'm trying to plan a day trip to Vancouver island, but there are so many nice things to see there that I can't decide on which one to go to. Mmhmm.
Lunch today was sushi. Very tasty. I like Japanese food. It's surprisingly affordable here. In Belgium, it costs a fortune for unclear reasons.
Before I do anything else today, I need to retrieve my clothes from the infernal laundry machines. Boring.
22:20 PDT
As announced on Friday, I took a day-trip to Whistler. First time I've been up a ski-lift in summer. A novel experience. It was also interesting to note that the lift up the mountain (about 2km) cost as much as a one-way ticket from Vancouver to Whistler (about 120km). Funny, that.
Despite the cost, Whistler was beautiful. We hiked the High Note trail around the peak of the mountain. Quite rocky here and there, but very, very beautiful. The lake about half-way was completely still and turquoise. I filled my water bottle from an ice-cold meltwater stream and the infernal purification drops didn't even spoil the taste much.
I took a fair number of pictures. I'll be sure to upload them when they've been post-processed a bit.
Dinner this evening with Andrew and Oleksandr. The beer was rather nice. A bit sweet perhaps, but I learned a while ago that it's not possible to get anything not sweet in North America.
And I got burned by the sun up the mountain.
08:28 PDT
Since my hiking companion called off last-minute, I started out on the Stein Valley alone. I quickly realized that it's quite a long hike for one man alone. When my stove also gave up after a couple of days, I decided to stay camping at Lizzie Lake and hike around there instead of hiking the rest of the trail. It was beautiful there! I'll post my pictures soonish.
I'm currently staying at the SameSun hostel in Vancouver. It's a bit different from the HI hostels I usually stay at, but very cool. It's a very Canadian place. I like.
Today, I'm off on a day-trip to Whistler with an Austrian backpacker I met here. My camera will probably be doing overtime again.
Copyright © 2005–2010 Philip Paeps
All rights reserved.