Feature #5763

Monkeysphere

Added by Tails 2013-07-18 07:45:56. Updated 2018-08-19 11:55:08.

Status: Rejected
Priority: Normal
% Done: 0%
Type of work: Code

Description

The Monkeysphere project now proposes a working infrastructure (validation agent, Iceweasel plugin) for validating HTTPS certificates using the GnuPG web-of-trust.

We now install monkeysphere, msva-perl and xul-ext-monkeysphere into the system. Monkeysphere is set up to use a hkps:// keyserver.

Next things to do

We have to wait for a decision regarding which candidate(s) we want to support for the web browser profile with no CA (Feature #5766).

Use cases

The key problem is… the key: monkeysphere trusts a server’s key if and only if it is signed by a fully trusted key. I think there are two use cases out there:

GnuPG users

The people who use (asymmetric) GnuPG in Tails already deal with their keyring and its persistence (Feature #5910). They would have to sign the keys for the servers they want to authenticate, persist their keyring somehow, and be done with it.

GnuPG non-users

Quite harder. These ones won’t bother signing keys and so on. They still might be interested in Monkeysphere but they will need to rely on an external authority to sign server keys. As Tails users they already (hopefully) trust Tails developers not to add spyware to this system. They might as well trust them to carefully verify and sign server keys. A possibility is then to mark our own key as fully trusted in the default amnesia user pubring.

Thinking a bit more about it, I’m quite strongly opposed to doing that: it would put the Tails developers’ signing key into a "single Certification Authority" role, which I consider to be unhealthy. Trusting the same people and technical infrastructure for software and server authentication is a bit too much and would make the whole Monkeysphere idea meaningless, kind of. —intrigeri

Note: due to Tails developers’ incapacity to carefully check that many keys with reliable trust-paths, Tails’ out-of-the-box Monkeysphere support for https will be quite poor. This can be seen as a problem; on the other hand it demonstrates how weak the server authentication process really is unless you take care of it yourself and reclaim your trust-paths!


Related issues

Related to Tails - Feature #8303: Consider re-introducing monkeysphere in Jessie-based images Resolved 2014-11-25
Blocked by Tails - Feature #5766: Web browser profile with no CA Rejected

History

#1 Updated by intrigeri 2013-07-19 07:03:42

  • Type of work changed from Wait to Code

#2 Updated by intrigeri 2013-07-19 07:04:06

  • Subject changed from monkeysphere to Monkeysphere

#3 Updated by BitingBird 2015-01-02 21:03:33

  • related to Feature #8303: Consider re-introducing monkeysphere in Jessie-based images added

#4 Updated by intrigeri 2018-08-19 11:54:56

Tails wrote:
> The Monkeysphere project now proposes a working infrastructure (validation agent, Iceweasel plugin) for validating HTTPS certificates using the GnuPG web-of-trust.

That’s been broken for years and I’m not aware of any plan to fix it.

#5 Updated by intrigeri 2018-08-19 11:55:08

  • Status changed from Confirmed to Rejected