##################################### Hockeypuck: Open source GPG keyserver ##################################### :Speaker: Casey Marshall :Date: 2013-02-24 :Site: http://launchpad.net/hockeypuck Intro ===== + Public Key Servers to validate identities + GnuPG Keyserver example:: gpg --keyserver ketserver.foo.com --search-keys me@foo.com + Secure email (SMIME), e.g. Thunderbird + enigmail plugin + Verifying software packages (apt, yum, App Store, etc.) + OS packages:: sudo apt-key adv --keyserver keyserver.foo.com --recev 7F0CEB10 + Search by name:: gpg --keyserver ks.foo.com --search-keys barack obama gpg: searching for "barack obama" from hkp server ks.foo.com What is a Key Server? ===================== + HKP (HTTP Keyserver Protocol) - RESTful HTTP API + Read Ops - ``/pks/lookup?`` - ``search={kw} - fingerprint or shortened suffix - ``op=get`` - ``op=index``, ``op=vindex`` + Write Ops - ``/pks/add`` - Merge key material (new sigs, revocations) + PKS (SMTP Protocol) SKS: Sync Key Server -------------------- + Berkley DB storage + Global distributed db + SKS global pool, highly distributed and sharded + Makes it difficult for anyone to control or forge a key Gazzang zTrustee ---------------- + Commercial KS, closed source + Opaque object store + "You get what you put" + Built on OpenPGP + Cannot decrypt + Multi-factor authorization (email or API) Hockeypuck ========== + Written in go - Simplicity, modularity - "Static duck typing" - Concurrency + Backed by MongoDB + Indexd by reversed fingerprint + Full-text search + Pretty fast: 2M keys in ~24 hours - OpenPGP v3 sigs not yet supported - Database is the bottleneck (thanks MongoDB) PGP Self-Signatures ------------------- + Signature-checking "optional"? + If you don't check it, others can add attributes (BAD) + GPG will throw it out because it is not self-signed and doesn't match SKS Reconciliation ================== + Distributed db + Reperesent db as polynomial, diffs as a ratio + Share sample points and ... interpolate?? - See: Conflux (github cmars/conflux) - ...not just for keys anymore! + Content-addressable things (digitally sign all the things) - Messages, images, contacts - File/folder sync - Location servers Building Trust ============== + Add multiple factos to a key exch - rendezvous for key exchange - identites beyond email (e.g. facebook) + Keep keyservers distributed - Promote diversity, avoid monoculture Identity Management =================== + Certify yourself - Provide id to ks - Sign something, upload to an account you control - Link a public key to OpenID or OAuth accounts? + Hide yourself - From all searches? - Unless search request is signed by X keys? + Delete yourself! - Store this key on zero or more keyservers - "Hey, this key server burned me!" + Decide for yourself - Group-level visibility, certifications SSH === Host Authenticity ----------------- + Trust established the first time you connect (accepting host key) + SSHFP DNS records + What about cloud? + J-PAKE mediated by Hockeypuck - Secure remote handshaking by intermediary - Authenticate key out-of-band! + SSH, shell script wrappers and Hockeypuck User Authenticity ----------------- + Some SSH key server you might not know... - Launchpad (trusted users can see each others SSH keys!) - GitHub + ``ssh-import-id gh:cmars lp:kirkland`` + Add authenticity with PGP - ``ssh-import-id pgp:0x44A2D1Db`` - "Server-side Monkeysphere"? Certificate Authorities ======================= + ONE KEY TO RULE THEM ALL AND IN THE DARKNESS SIGN THEM (lulz) + convergence.io protocol, act as notary + PGP sigs on certs + "Too big to fail?" - Translation: "Brings failure to others" - Or: "Youre' not trying hard enough"