-
karolyi
shameless self-advertisement: in case you need a TLSA records updater for your BIND and certbot-based certificates: https://gitea.ksol.io/karolyi/daneupdate
-
moparisthebest
karolyi: why not just... Not rotate keys?
-
amarachi
why not rotate them every so often?
-
karolyi
moparisthebest, you can do it that way too, but rotating them gives a bit better opsec
-
moparisthebest
How?
-
Polarian
how would you _not_ rotate TLS certificates?
-
karolyi
if your private key isn't rotated and stolen once, you are compromised forever
if your private key is rotated while stolen once, you're compromised for 2 months at most this way
-
Polarian
an issued certificate can not be extended, only reissued...
-
Polarian
unless im missing something?
-
moparisthebest
Polarian: key, not cert
-
Polarian
ohhh
-
Polarian
right
- Polarian idiot
-
moparisthebest
karolyi: if your key is stolen you have bigger problems, it's not helpful to do unless your server has been compromised
-
amarachi
But aren't actual keys ephemeral?
-
Polarian
moparisthebest, same argument applies with GPG keys
-
Polarian
amarachi, thats what I thought
-
amarachi
So a compromised key would allow mitm but not decryption of past passively recorded connections
-
karolyi
amarachi, that too, yes
-
Polarian
if distros rotate signing keys, surely rotating a TLS key should be done too?
-
amarachi
It should be noted your server wouldn't have to be directly compromised
Eg. When zenbleed came out I was able to acquire private keys from other instances on some cloud providers
-
karolyi
moparisthebest: absolute security doesn't exist, but it's better to make efforts to harden your server, and rotating TLS keys is part of that
-
Polarian
https://security.stackexchange.com/a/86014
-
Polarian
google rotates theirs monthly?
-
moparisthebest
https://pages.nist.gov/800-63-3/sp800-63b.html
> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
passwords are way weaker and more likely to leak than private TLS keys
-
amarachi
Keys aren't passwords and don't have the same human element
-
moparisthebest
> moparisthebest: absolute security doesn't exist, but it's better to make efforts to harden your server, and rotating TLS keys is part of that
I hard disagree, it's completely worthless to rotate keys, provides no additional security or "hardening" at all
-
amarachi
Please rotate them
-
moparisthebest
No, never rotate them
-
karolyi
moparisthebest: I guess you disagree with the entire premise of letsencrypt then?
-
moparisthebest
Then I can't tell if you rotated them or an attacker made a new key
-
moparisthebest
> moparisthebest: I guess you disagree with the entire premise of letsencrypt then?
Absolutely not, LE is great, I use them all the time and never rotate keys
-
karolyi
but their default way of working is to rotate private keys, and you have to explicitly set it not to, you know that?
-
karolyi
besides, the --reuse-key option was only added recently
-
moparisthebest
I've been using letsencrypt from day 1 and never rotated a key once
-
moparisthebest
I think I started with letsencrypt.sh which is now... Is it dehydrated.sh ? I use acme.sh now though
-
karolyi
ah, that's why. certbot is set to rotate keys by default
-
snikket dot deeeeee
How often is everyone rotating ssh Keys?
-
amarachi
snikket dot deeeeee: every minute
-
snikket dot deeeeee
I don't rotate the letsencrypt key, I may do it manually when I feel like it, but not so often. We're OK with cert rotation every three months. So why not cert key every three years
-
snikket dot deeeeee
amarachi: and honestly, never I assume
-
snikket dot deeeeee
SSH is rotated when you get a new server, right?
-
moparisthebest
The only time I ever rotate keys is when I move services between remote servers I don't control, like VPS's or whatever, I try not to move keys over the internet but if I do I replace them shortly after
Otherwise there's no benefit to it
-
karolyi
in my case, I used the default certbot functionality that rotates the private keys every 3 months (every 2 months that is, since it renews 30 days before certificate expiration). and I needed the TLSA records rotation, so I wrote this tool that does it successfully
-
karolyi
already using it, works nicely
-
karolyi
but, each to its own I guess
-
snikket dot deeeeee
There is nothing wrong with your setup, why not 👍
-
snikket dot deeeeee
It's just not totally insecure, to not rotate it all the time in my opinion.
-
karolyi
I never claimed that :)
-
karolyi
the whole idea came out of the jabber.ru mitm debacle, though it would be nice for browsers to be able to check on TLSA records as well
-
moparisthebest
Rotating keys would have had no effect on the jabber.ru MITM
But TLSA would and that's easier and more reliable without rotating keys
-
amarachi
The current built in resolvers in Chrome and Firefox don't even support dnssec
-
Polarian
has the jabber.ru mitm been found to be anything other than a legal wire tap?
-
snikket dot deeeeee
And the Firefox addon doesn't work anymore I think
-
snikket dot deeeeee
Nothing has been found Polarian, not in one way or the other
-
karolyi
I guess hetzner uses their plausible deniability
-
Polarian
If the assumption of a legal wire tap is true... then jabber.ru is an invalid example of poor security
-
amarachi
Polarian: how? This tooling didn't exist before that incident
-
moparisthebest
> If the assumption of a legal wire tap is true... then jabber.ru is an invalid example of poor security
That makes no sense but ok...
-
amarachi
And even still official conversations doesn't enforce tlsa yet
-
amarachi
Which is what most use
-
moparisthebest
amarachi: what tooling? I've had TLSA records for over a decade
-
amarachi
moparisthebest: yes but what clients actually checked it?
-
amarachi
For email and boutique software, yes, for xmpp no
-
moparisthebest
Many servers did, I think maybe Conversations did?
-
amarachi
moparisthebest: it doesn't today
-
MattJ
Channel binding was supported by multiple clients and servers before the incident (well, not over TLS 1.3, but that's been fixed now). But jabber.ru was running an ancient version of ejabberd.
-
amarachi
MattJ: supported but not mandated
-
MattJ
It is pinned by Conversations
-
Polarian
also TLSA relies on DNSSEC, and DNSSEC for any authoritative dns server host I have seen, use their own keys... thus they sign what is "legit", what stops them from modifying the record? Host your own authoritative DNS server? in the cloud? well nothing stops your provider from modifying any record and yanking your keys with it too. Therefore under the case of legal wiretap, unless you self host everything, you are always vulnerable. THAT is why I said jabber.ru would be a bad example IF the assumption was correct
-
MattJ
So if it's ever supported, the server can never disable it
-
karolyi
I think Cheogram supports TLSA records
-
karolyi
... on android
-
amarachi
Is there a matrix for other clients? Gajim? Dino? Profanity?
-
amarachi
Libraries like smack?
-
Polarian
> Libraries like smack?
smack and whack... xD
-
karolyi
Polarian, you can use dnscrypt in which you can set to only use dnssec validating servers
-
amarachi
karolyi: that doesn't solve that
-
Polarian
> Polarian, you can use dnscrypt in which you can set to only use dnssec validating servers
You missed my point
-
Polarian
you must trust your providers
-
Polarian
no matter how much security you stick onto your servers, your provider still has a certain amount of power
-
karolyi
there are a whole slew of arguments against dnssec, it can be poisoned at the TLDs and so on, but so far, other than going fully darkweb, it's the most secure solution
-
amarachi
Polarian: just connect the 240v to the chassis
-
Polarian
> there are a whole slew of arguments against dnssec, it can be poisoned at the TLDs and so on, but so far, other than going fully darkweb, it's the most secure solution
I don't use DNSSEC currently because registrars make you pay A LOT for it
-
Polarian
and moving to a self hosted authoritative DNS server is low on my priority list
-
karolyi
eh, is that so? I use namecheap, it's free to set your DS records for your nameservers there
-
amarachi
Polarian: if your registrar charges you for dnssec, find another one
-
Polarian
no DNSSEC no TLSA
-
Polarian
> Polarian: if your registrar charges you for dnssec, find another one
switching registrars can disrupt service
-
snikket dot deeeeee
https://certwatch.xmpp.net/ It's not necessary for every client to support it. In the jabber.ru case, if just some would have noticed, or this service I linked existed. It would've been spotted
-
Polarian
I would have switched because of the outrageous amount of money they are sticking my domain up by
-
moparisthebest
Polarian: don't fall into the "if this one thing doesn't prevent all attacks perfectly it's useless" trap, there is no such thing, it's all layers
On DNSSEC I own my own keys, it's free with any decent registrar, I'm using porkbun now and recommend it
-
Polarian
when I signed on it was £10/yr, its now almost £40/yr
-
Polarian
I assume it will be up to £50/yr next year
-
amarachi
Polarian: then move!
-
moparisthebest
Switching registrars should never impact service...
-
Polarian
> Switching registrars should never impact service...
should... but some make it difficult
-
karolyi
I concur
-
moparisthebest
porkbun is great, switch now
-
Polarian
I have a better registrar I will move to anyways
-
Polarian
just not right now I have better things to do
-
Polarian
like passing university 🙂
-
moparisthebest
Gandi used to be great but sadly recently got bought out :'(
-
amarachi
Is anyone working on a new manifesto? For recommending/mandating many of these security improvements we've seen over the past while?
-
moparisthebest
amarachi: do it!
-
Polarian
> Gandi used to be great but sadly recently got bought out :'(
I heard of them, what made them so good anyways?
-
karolyi
just looked at porkbun, .io TLD's aren't that much cheaper to make me move
-
Polarian
I still am curious what makes a registrar good or bad
-
karolyi
offered services and prices?
-
Polarian
My list:
- decent pricing
- glue record support (some don't let you even change your ns records which is stupid)
- API support
- DNSSEC
-
Polarian
namecheap for example (until recently it seemed) made you pay £50 for use of their API
-
Polarian
or at least in my case
-
Polarian
"please deposit a further £30 into your wallet to use API"
-
moparisthebest
Polarian: correct, all those
-
Polarian
but my point is
-
Polarian
why say "gandi used to be great"
-
Polarian
and then switch to porkbun?
-
Polarian
why is the registrar you are shilling better than the rest basically?
-
moparisthebest
If you want absolute cheapest, and also DNSSEC (but you can't run your own) then cloudflare
-
Polarian
im never paying cloudflare for domains
-
karolyi
I used to use cloudflare with namecheap, until I started building my own solution and completely moved away from them. cloudflare is a mitm per definition anyway, and I only used their DNS services. now I have a small vps running as a secondary, with dnssec, and mostly use namecheap with the configured NSes and DSes
-
Polarian
I looked into becoming a registrar
-
Polarian
its not _too_ expensive
-
moparisthebest
Polarian: because gandi used to have all those features and now is raising prices, and removing or charging extra for them?
-
Polarian
> Polarian: because gandi used to have all those features and now is raising prices, and removing or charging extra for them?
ah
-
Polarian
but thats all companies these days
-
moparisthebest
So I'd rather both save money and financially support a company that isn't doing that, win win
-
Polarian
I guess it makes sense
-
Polarian
but it always seems like:
- Open source community shills a registrar
- Everyone moves to said registrar
- Said registrar gets rich and starts abusing their power
- Repeat
-
amarachi
It should be noted many registrars will issue certificates for your domains without being obvious
-
amarachi
Please check crt.sh for your domains
-
amarachi
And setup CAA
-
amarachi
I think porkbun does
-
karolyi
> And setup CAA
this, but unironically
-
amarachi
And cloudflare does too obviously
-
karolyi
CAA with the 128 flag, that cloudflare won't allow for in their DNS service... laughable
-
karolyi
but then again, in my opinion the CAA won't matter much either when governmental CAs will be mandated
-
Polarian
If people go with porkbun right now... are they going to have to move in 3 years because the registrar goals changed?
-
karolyi
in that case, I'd say TLSA with 3 0 2
-
amarachi
Polarian: that is life
-
amarachi
karolyi: your computer already likely trusts dozens of gov CAs
-
karolyi
yea
-
Polarian
> Polarian: that is life
not if you pay more for a registrar who's tried and tested
-
Polarian
same with ISPs
-
Polarian
older ones tend to be more expensive, but they are tried and tested
-
karolyi
this is why TLSA enforcement AND channel binding auth is more and more important, but I don't see clients supporting them much
-
Polarian
anyways porkbun.io seems like a typical minecraft hosting company set up by a 16 year old
-
Polarian
Anyways im likely going to go with mythic beasts
-
Polarian
incorporated in the same country as me, little pricy, but tried and tested (and pop up a lot in the open source community)
-
amarachi
Polarian: mythic is pretty good
-
Polarian
I'm aware :)
-
Polarian
but they are pretty pricy compared to the _cheap_ option
-
amarachi
But they are likely co-opted by gchq
-
Polarian
> But they are likely co-opted by gchq
and this is paranoia
-
Polarian
and US companies are in the NSAs pocket
-
Polarian
invalid argument, can be used against ANY company
-
unix.dog
> CAA with the 128 flag, that cloudflare won't allow for in their DNS service... laughable
Cloudflare's DNS input on the website won't let you because it's only a drop down, but you can import a TXT file with the record and it will let you