danwent / Perspectives

Perspectives Firefox Extension
http://perspectives-project.org

Send notary queries over https #81

Open daveschaefer opened 11 years ago

daveschaefer commented 11 years ago

Currently queries are sent to notaries using unencrypted http traffic. Messages are still cryptographically signed and verified using the notary's public key, so they are guaranteed to be correct and secure, but this is not ideal for privacy. Currently anyone watching the network can see the messages being sent and received.

We should update the client so it can send queries to notaries using https/TLS/SSL.

This will require https support on notary servers before it can be added to clients. We should make the clients and servers backwards compatible so they can handle both types of traffic.

Ideally this could be done simply by adding 'https' in the Preferences window. To make sure the connection is trusted we should send all traffic, even the first part of the request, through an https connection.

DarkSurferZA commented 11 years ago

Hi,

New to the project, but I think this is an excellent idea. If the notary server is running on an existing webserver, then you could just use Apache mod_proxy to connect to the notary server. This is ideal as it requires no changes on the notary server side, and only a minor change on the Perspectives client side. (The line where you build the absolute URL is changed to not include the "http:" prepend.) It would also require the server names to be changed from myperspectivesnotary.com:8080 to http://myperspectivesnotary.com:8080, or https://myperspectivesnotary.com:8080 if it is an https connection. I tested this in my dev area and it looks like it will work. I can send an Apache mod_proxy rule for demonstration if required.

daveschaefer commented 11 years ago

Hey, thanks for the note. Currently the notary software uses CherryPy, but I see a few guides on setting up Apache as a wrapper around CherryPy. It also looks like it's possible to enable SSL in CherryPy directly.

Sharing your mod_proxy rule would be great, or even a list of steps if you're willing to write something up.

daveschaefer commented 11 years ago

I'm thinking we'll want an easy way to let people add notaries to their client so they don't have to enter 'https' etc. manually. We may want to look into having a specific file extension or something for this that can be handled by the browser.

DarkSurferZA commented 11 years ago

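```apache
# LoadModule is only valid in the main server config, not inside <VirtualHost>
LoadModule proxy_module modules/mod_proxy.so

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName www.mysite.com

    # Reverse proxy only; ProxyRequests On would also enable forward proxying
    ProxyRequests Off

    <Proxy *>
        Order deny,allow
        # Or whatever your network is if you need an ACL
        Allow from localhost
    </Proxy>

    ProxyPass /perspectives/ http://localhost:8080/
</VirtualHost>
</IfModule>
```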

This will interpret all requests to https://www.mysite.com/perspectives/ and forward them on to localhost port 8080. This can also be applied to the standard HTTP port 80 to allow your Perspectives server and your existing web site to run side by side. (A few mods to the above Apache rule are required, though.)

A POC is available at https://www.securimeter.co.za/perspectives/. This is not production, as my infrastructure is undergoing some changes at the moment.

This has the advantages of not having to give up a web server to run a notary server and, because it runs on port 80 or 443, better accessibility through corporate proxies, which I believe to be one of the major stumbling points in terms of uptake of the Perspectives plugin (for me at least). I have been using it on and off for the last 2-3 years in a corporate environment, hence the reason I originally came up with the mod_proxy thing a while back, as my corporate proxy only allowed access to port 80 and port 443.

Lastly, I don't think we should remove the https thing. It will allow the user a chance to mix https and http notaries in the same list, i.e.:

```
Https://notary1.com:443
Some server key
Http://notary2.com:80
Some server key
Https://notary3.com:8080
Yet another server key
```

Thoughts?
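
The mixed http/https notary list and the backwards-compatible handling of bare `host:port` entries discussed above can be sketched as follows. This is an added example, not code from the Perspectives extension; the two-line entry layout (address line, then key line), the function names and the sample list are assumptions built from the hostnames in this thread.

```javascript
// Added example (not Perspectives code): parse notary addresses with or without a scheme.
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

function parseNotaryAddress(line) {
  const text = line.trim();
  // Legacy entries such as "host:8080" have no scheme; keep them working as http.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text);
  const url = new URL(hasScheme ? text : "http://" + text);
  if (!(url.protocol in DEFAULT_PORTS)) {
    throw new Error("unsupported notary scheme: " + url.protocol);
  }
  // A list entry should name a server, not carry credentials or request parameters.
  if (url.username || url.password || url.search || url.hash) {
    throw new Error("unexpected URL components in notary address: " + text);
  }
  return {
    scheme: url.protocol.slice(0, -1),
    host: url.hostname,
    port: url.port ? Number(url.port) : DEFAULT_PORTS[url.protocol],
    path: url.pathname, // non-root when the notary sits behind a reverse proxy
    encrypted: url.protocol === "https:",
  };
}

// Assumed layout: one address line followed by one key line per notary.
function parseNotaryList(text) {
  const lines = text.split(/\r?\n/).map((l) => l.trim()).filter((l) => l !== "");
  if (lines.length % 2 !== 0) throw new Error("address line without a key line");
  const notaries = [];
  for (let i = 0; i < lines.length; i += 2) {
    notaries.push({ ...parseNotaryAddress(lines[i]), publicKey: lines[i + 1] });
  }
  return notaries;
}

function baseUrl(n) {
  return `${n.scheme}://${n.host}:${n.port}${n.path}`;
}

// Notaries whose queries would still be visible to anyone watching the network.
function plaintextNotaries(notaries) {
  return notaries.filter((n) => !n.encrypted);
}

// Constructed sample list using placeholder hostnames from this thread.
const SAMPLE_LIST = `
myperspectivesnotary.com:8080
Some server key
Https://notary1.com:443
Some server key
https://www.mysite.com/perspectives/
Yet another server key
`;
```
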

daveschaefer commented 10 years ago

The first part of this - basic https connections - has been implemented in version 4.5.

The next step for the client will be to know the certificate hash and verify that it's communicating with the correct server and certificate. We'll need the server to publish its certificate info before we can do that though.

Server ticket: https://github.com/danwent/Perspectives-Server/issues/19

ghost commented 10 years ago

In the Perspectives 4.5 release note you announced that HTTPS queries are supported. => Resolved? If yes and the servers are already updated, you should also update the default notaries list to HTTPS.

ghost commented 9 years ago

Discussion on mailing list - notaries API specification. Could we provide the notaries' public keys as a classic certificate and have the notary list be managed by the browser?

daveschaefer commented 9 years ago

I wasn't planning to resolve this ticket until all of the default notaries were actually using HTTPS queries, which they are currently not. Is that confusing?

> Could we provide the notaries' public keys as a classic certificate and have the notary list be managed by the browser?

Are you meaning this as a self-signed certificate, or which? If it costs money, I don't think it is a very feasible route for this project. Can you explain a bit more about what you mean by this? (possibly in the mailing list thread)

rmenessec commented 9 years ago

Don't GoDaddy still provide free PKI certs for F/OSS projects?

StartSSL provide free SSL certs, period, but they charge for revocation. Then again, PKI revocation is deeply broken...

ETA: May be first year only.