[Cryptography] Applying the Mesh to do SSH really right

Phillip Hallam-Baker phill at hallambaker.com
Tue Oct 26 23:36:56 EDT 2021

On Tue, Oct 26, 2021 at 9:15 PM Howard Chu <hyc at symas.com> wrote:

> Phillip Hallam-Baker wrote:
> >
> >
> > On Tue, Oct 26, 2021 at 3:22 AM Howard Chu <hyc at symas.com <mailto:
> hyc at symas.com>> wrote:
> >
> >     Phillip Hallam-Baker wrote:
> >     > On Sun, Oct 24, 2021 at 8:40 AM Howard Chu <hyc at symas.com <mailto:
> hyc at symas.com> <mailto:hyc at symas.com <mailto:hyc at symas.com>>> wrote:
> >     >
> >     >     Phillip Hallam-Baker wrote:
> >     >     > April King started a thread on Twitter about how to use SSH
> in the enterprise: Why aren't people using the SSH PKI, why do people roll
> their own key
> >     >     > provisioning scripts knowing these are almost certain to be
> disaster areas?
> >     >
> >     >     Good question. Pretty much every pain point you outline here
> is already solved in enterprises by LDAP.
> >     >     Rolling any other solutions just sounds like pointless
> protocol proliferation.
> >     >
> >     >
> >     > Since a major concern I raised was insider threat and since LDAP
> is a single point of trust, I fail to see how LDAP is remotely relevant.
> >
> >     You cannot eliminate that central point. You have to give someone
> authority to terminate
> >     or disable an employee's access. Anyone who can do so can also reset
> their credentials.
> >
> >
> > Yet the Mesh does exactly that. It is a Threshold Key Infrastructure.
> So how does this Mesh infrastructure solve the problem of HR staff needing
> to be able to provision and
> de-provision accounts for hiring/firing employees, without allowing them
> to set arbitrary creds
> on those accounts?

Threshold signatures. The signature key is split into n parts such that t
are required to sign a document.

Shares are usually split either between an administrator and a service or
multiple administrators. At the moment, the Mesh is focused on threshold
decryption but the architecture is designed to support threshold sigs as
well. Just waiting on CFRG to make some progress on the spec.

So an administrator cannot simply add a person to a decryption group or
provision them with credentials, these operations are gated. There is
cryptographic separation of roles.

You have to bootstrap somehow, if you never used any form of PKI at all
> before. Once users are
> enrolled you can remove/disable their old passwords.

Threshold key distribution is more secure. I do not make use of passwords.
Every interaction is zero user effort and has a work factor of 2^128.

The only time passwords are involved with the Mesh is when people make use
of the Mesh credential catalog as a password vault. And that is designed to
provide an off ramp from password use. Every device that can access the
password vault is provisioned with a public key it can use to authenticate
itself directly. So the strategy is to enable a transition:

1) Alice uses the password vault to remember her existing passwords.

2) Alice has the password vault on every machine she uses and starts making
use of long and strong passwords.

3) User base of Mesh grows to the point that sites support use of the Mesh
authentication keys (e.g. with Fido)

Perhaps you might want to re-read my original proposal in the light of the
fact that I am using a set of technologies you were previously unaware of.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20211026/a7feb714/attachment.htm>

More information about the cryptography mailing list