Posted to dev@httpd.apache.org by Rob Lemaster <rk...@gmail.com> on 2010/11/20 09:27:03 UTC

Proposed: PKI Authentication for secure web access

I would like to propose an enhancement to the Apache web server for
secure authentication.

If this is the wrong list, pls. reply with the correct list and I will
post it there.

SSH allows a user to create a public/private key pair and use that for
authentication. This is much more secure than simply using passwords
and adds the ability to add 'something you have' for multi-factor
authentication. I propose that the same functionality would be enabled
for web authentication.

This functionality would require support on the server and in the
client browser. The server would need to have the ability to store and
recognize public keys for authentication. The client browser would
need to have the ability to create public/private keys and store them
securely. It would also need to have the ability to copy the keys to
other computers (home/work) or store them on a USB thumb drive for
remote access.

This functionality would be used primarily for web sites that require
secure authentication, such as banks, Ebay, and Paypal.

Do you think this is a good idea?

Re: Proposed: PKI Authentication for secure web access

Posted by Arturo 'Buanzo' Busleiman <bu...@buanzo.com.ar>.
Been there, done that:

http://wiki.buanzo.org (enigform and mod_openpgp)

Not x509, though.



On 11/20/10, Rob Lemaster <rk...@gmail.com> wrote:
> I would like to propose an enhancement to the Apache web server for
> secure authentication.
>
> If this is the wrong list, pls. reply with the correct list and I will
> post it there.
>
> SSH allows a user to create a public/private key pair and use that for
> authentication. This is much more secure than simply using passwords
> and adds the ability to add 'something you have' for multi-factor
> authentication. I propose that the same functionality would be enabled
> for web authentication.
>
> This functionality would require support on the server and in the
> client browser. The server would need to have the ability to store and
> recognize public keys for authentication. The client browser would
> need to have the ability to create public/private keys and store them
> securely. It would also need to have the ability to copy the keys to
> other computers (home/work) or store them on a USB thumb drive for
> remote access.
>
> This functionality would be used primarily for web sites that require
> secure authentication, such as banks, Ebay, and Paypal.
>
> Do you think this is a good idea?
>

Re: Proposed: PKI Authentication for secure web access

Posted by Issac Goldstand <ma...@beamartyr.net>.
You can use self-signed client certs too.  You just have to explicitly
tell Apache what to trust and what not to trust.  You can also use your
own in-house CA, if applicable.

  Issac

On 20/11/2010 22:55, Rob Lemaster wrote:
> Thanks for that explanation Graham!
>
> I wasn't thinking in terms of CA-signed certificates like you and
> Issac pointed out, but more of a PGP-type model, where I could use my
> own self-signed public/private key pair created in Firefox to
> authenticate to many web sites. I realize that self-signed certs
> aren't as secure (from the server's point of view), but I could
> authenticate and answer pre-assigned secret questions before uploading
> my public key to confirm my identity before the server accepts it. I'd
> still be grateful for the additional security of CA-signed certs if my
> bank and Paypal would use them.
>
> -rob
>
> On Sat, Nov 20, 2010 at 12:42 PM, Graham Leggett <mi...@sharp.fm> wrote:
>
>> mod_ssl is used solely for https, yes, but the feature you're looking for is
>> built into https by default already.
>>
>> Certificates work symmetrically, both sides have the power to require the
>> other side to present a valid certificate.
>>
>> In the case you might be most familiar with, only one side has a certificate
>> (the server). The other side (the browser) has no certificate. In this
>> scenario, the browser can be sure it is speaking to the right server,
>> because the server presented a signed certificate, but the server has no
>> idea about the browser. Usually, some other authentication mechanism is used
>> to identify the browser, of varying strengths (passwords, etc).
>>
>> In the case you want however, both sides of the connection are configured to
>> require a certificate from the other side. The certificates do the same job
>> as the keys that are exchanged in your SSH configuration, they allow the
>> other side to say "yup, I trust you", and that trust works both ways.
>>
>> Unlike an SSH key however, a certificate contains embedded within it details
>> of the person (or thing) that owns the certificate, but these are details as
>> far as the protocol is concerned.
>>
>> Regards,
>> Graham
>> --
>>
>>


Re: Proposed: PKI Authentication for secure web access

Posted by Rob Lemaster <rk...@gmail.com>.
Thanks for that explanation Graham!

I wasn't thinking in terms of CA-signed certificates like you and
Issac pointed out, but more of a PGP-type model, where I could use my
own self-signed public/private key pair created in Firefox to
authenticate to many web sites. I realize that self-signed certs
aren't as secure (from the server's point of view), but I could
authenticate and answer pre-assigned secret questions before uploading
my public key to confirm my identity before the server accepts it. I'd
still be grateful for the additional security of CA-signed certs if my
bank and Paypal would use them.

-rob

On Sat, Nov 20, 2010 at 12:42 PM, Graham Leggett <mi...@sharp.fm> wrote:

> mod_ssl is used solely for https, yes, but the feature you're looking for is
> built into https by default already.
>
> Certificates work symmetrically, both sides have the power to require the
> other side to present a valid certificate.
>
> In the case you might be most familiar with, only one side has a certificate
> (the server). The other side (the browser) has no certificate. In this
> scenario, the browser can be sure it is speaking to the right server,
> because the server presented a signed certificate, but the server has no
> idea about the browser. Usually, some other authentication mechanism is used
> to identify the browser, of varying strengths (passwords, etc).
>
> In the case you want however, both sides of the connection are configured to
> require a certificate from the other side. The certificates do the same job
> as the keys that are exchanged in your SSH configuration, they allow the
> other side to say "yup, I trust you", and that trust works both ways.
>
> Unlike an SSH key however, a certificate contains embedded within it details
> of the person (or thing) that owns the certificate, but these are details as
> far as the protocol is concerned.
>
> Regards,
> Graham
> --
>
>

Re: Proposed: PKI Authentication for secure web access

Posted by Graham Leggett <mi...@sharp.fm>.
On 20 Nov 2010, at 10:19 PM, Rob Lemaster wrote:

> Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I
> would like to use PKI for user authentication like you can in SSH on
> top of the encryption provided by HTTPS. The most secure option I see
> available for web authentication currently is OTP tokens (RSA,etc)
> that only work on one web site.

mod_ssl is used solely for https, yes, but the feature you're looking
for is built into https by default already.

Certificates work symmetrically, both sides have the power to require
the other side to present a valid certificate.

In the case you might be most familiar with, only one side has a
certificate (the server). The other side (the browser) has no
certificate. In this scenario, the browser can be sure it is speaking
to the right server, because the server presented a signed
certificate, but the server has no idea about the browser. Usually,
some other authentication mechanism is used to identify the browser,
of varying strengths (passwords, etc).

In the case you want however, both sides of the connection are
configured to require a certificate from the other side. The
certificates do the same job as the keys that are exchanged in your
SSH configuration, they allow the other side to say "yup, I trust
you", and that trust works both ways.

Unlike an SSH key however, a certificate contains embedded within it
details of the person (or thing) that owns the certificate, but these
are details as far as the protocol is concerned.

Regards,
Graham
--


Re: Proposed: PKI Authentication for secure web access

Posted by "Edward Z. Yang" <ez...@MIT.EDU>.
Hello Rob,

We use SSL Client Certificates extensively here at MIT.  They are quite
convenient for developers: if you want to plug into the existing campus
wide authentication system, just ask for a client cert and you don't need
to reimplement any authentication system.

Cheers,
Edward

Re: Proposed: PKI Authentication for secure web access

Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Sunday 21 November 2010, Graham Leggett wrote:
> In our experience, unlike technical people, end users don't know
> that certificates are supposed to be hard, and so have never
> known they were supposed to consider certificates a problem. As a
> result, it's been very successful.

If everything works, ok. But in my experience, a big problem is that 
browsers' error messages related to client certificates are mostly of 
the quality "Something related to SSL does not work". And this is not 
limited to MSIE.

Re: Proposed: PKI Authentication for secure web access

Posted by Issac Goldstand <ma...@beamartyr.net>.
lol.  In the meantime, it's still useful for implementation in closed
organizations where it's easy to enforce client cert policies (and easy
to use a CA model)

On 21/11/2010 10:11, Rob Lemaster wrote:
> This is good info. Thanks for your responses. So I guess the problem
> isn't that the functionality isn't available, but that it's hard to
> get end users to adopt it. This makes me sad. When I become Emperor, I
> will require all secure web sites to implement this functionality and
> the world will be a better place.
>
> -rob
>
>
> On Sat, Nov 20, 2010 at 8:59 PM, Sander Temme <sc...@apache.org> wrote:
>> On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote:
>>
>>> Thanks for the link Issac. If this is already in Apache, why isn't
>>> everyone using it?
>> Because key management is just too freaking hard, and too much of a management and support burden.
>>
>> For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech?
>>
>> S.
>>


Re: Proposed: PKI Authentication for secure web access

Posted by Rob Lemaster <rk...@gmail.com>.
This is good info. Thanks for your responses. So I guess the problem
isn't that the functionality isn't available, but that it's hard to
get end users to adopt it. This makes me sad. When I become Emperor, I
will require all secure web sites to implement this functionality and
the world will be a better place.

-rob


On Sat, Nov 20, 2010 at 8:59 PM, Sander Temme <sc...@apache.org> wrote:
>
> On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote:
>
>> Thanks for the link Issac. If this is already in Apache, why isn't
>> everyone using it?
>
> Because key management is just too freaking hard, and too much of a management and support burden.
>
> For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech?
>
> S.
>

Re: Proposed: PKI Authentication for secure web access

Posted by Rob Lemaster <rk...@gmail.com>.
Now that's what I'm talking about. Are you guys hiring?


On Sun, Nov 21, 2010 at 12:06 PM, Graham Leggett <mi...@sharp.fm> wrote:

> In our experience, the hardest part about using certificates is overcoming
> the perception held by technical people that it's hard to use certificates.
>
> Over the last three years, we have rolled out a certificate based
> infrastructure across a large organisation, with certs for all employees and
> external suppliers. The basic premise is that usernames and passwords are
> banned (unless completely unavoidable), and that your certificate gives you
> whatever access you need. Everything that requires "registration" of some
> kind has been configured to auto-register people from details in the
> certificates, so we have no centralised directory of any kind for people
> with certificates. Lots of problems evaporated as a result. When the
> certificate expires, or is revoked, the portcullis comes crashing down and
> you're locked out everywhere. There are no residual "does person X still
> have access" problems.
>
> For end users, life is simple. If you need to access something, you simply
> go there, job done. No login forms, no registration, no asking somebody for
> access, no "forgot your password" forms, no obscure username that is
> annoyingly different to all your other usernames.
>
> In our experience, unlike technical people, end users don't know that
> certificates are supposed to be hard, and so have never known they were
> supposed to consider certificates a problem. As a result, it's been very
> successful.
>
> Regards,
> Graham
> --
>
>

Re: Proposed: PKI Authentication for secure web access

Posted by Graham Leggett <mi...@sharp.fm>.
On 21 Nov 2010, at 6:59 AM, Sander Temme wrote:

>> Thanks for the link Issac. If this is already in Apache, why isn't
>> everyone using it?
>
> Because key management is just too freaking hard, and too much of a  
> management and support burden.
>
> For God's sake, if we can't even get the Apache developer community  
> to use PGP without handholding, how would you expect the general  
> public to handle this tech?

In our experience, the hardest part about using certificates is
overcoming the perception held by technical people that it's hard to
use certificates.

Over the last three years, we have rolled out a certificate based
infrastructure across a large organisation, with certs for all
employees and external suppliers. The basic premise is that usernames
and passwords are banned (unless completely unavoidable), and that
your certificate gives you whatever access you need. Everything that
requires "registration" of some kind has been configured to
auto-register people from details in the certificates, so we have no
centralised directory of any kind for people with certificates. Lots
of problems evaporated as a result. When the certificate expires, or
is revoked, the portcullis comes crashing down and you're locked out
everywhere. There are no residual "does person X still have access"
problems.

For end users, life is simple. If you need to access something, you
simply go there, job done. No login forms, no registration, no asking
somebody for access, no "forgot your password" forms, no obscure
username that is annoyingly different to all your other usernames.

In our experience, unlike technical people, end users don't know that
certificates are supposed to be hard, and so have never known they
were supposed to consider certificates a problem. As a result, it's
been very successful.

Regards,
Graham
--


Re: Proposed: PKI Authentication for secure web access

Posted by Sander Temme <sc...@apache.org>.
On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote:

> Thanks for the link Issac. If this is already in Apache, why isn't
> everyone using it?

Because key management is just too freaking hard, and too much of a management and support burden.  

For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech? 

S.

> On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand <ma...@beamartyr.net> wrote:
> 
>> Nope, you have full x509 based authentication out-of-the-box.  See
>> http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients
>> 
>>  Issac
>> 
> 
> 



-- 
Sander Temme
sctemme@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme




Re: Proposed: PKI Authentication for secure web access

Posted by Rob Lemaster <rk...@gmail.com>.
I understand your skepticism, but I am not advocating a complex CA
infrastructure and I have more faith in end users (possibly
misplaced). IMHO, it is reasonable for users to take that extra step
for their banking site or SSL-VPN. It's really not that big a deal to
generate a key pair in PuTTY, I can't imagine it would be that hard in
Firefox. The question about whether it will be immediately and
enthusiastically adopted by end users on their Facebook site is not
the point.

A bank or Paypal does not need to issue certificates. In fact, I
believe that self-signed keys like in the PGP model would be more
appropriate, because that key pair could be used for multiple sites. A
single key pair could be used in different browsers and computers, and
if they are lost, a new key pair could be generated and the old pair
revoked by the user just like in PGP. With self-signed keys, you don't
need to deal with CAs, CRLs, etc., which I agree would be too
burdensome.

Generating a key pair for SSH is pretty trivial, and using a wizard in
Firefox would simplify it enough to be accessible to just about
anyone.

Yes, authentication boils down to trust. This is the advantage of
using multi-factor authentication. You would then have something you
know (username and password) and something you have (private key).
This is required in the newer PCI & HIPAA requirements as well.


On Sat, Nov 20, 2010 at 1:57 PM, Daniel Ruggeri <DR...@primary.net> wrote:
>
> For those who have a real security need to authenticate their clients in
> this way, and are willing to accept the hassles of this method, it is
> definitely used. However, the idea that a bank or paypal would issue
> certificates for each of its end users can get cumbersome very fast. See,
> the private key would be managed by the user. Users (and even some server
> administrators) are terribly poor at managing their private keys in a safe
> and secure fashion. Some potential complications are a user switching
> browsers, a user switching computers, a user's key becoming compromised,
> loss of the key, etc... On top of that, the signing institution would need
> to be able to keep track of certificates it should no longer accept via
> CRL's and have infrastructure ready to verify the cert is still valid.
>
> Essentially, the logistics of getting END USERS to generate a key of
> appropriate size (and getting them to keep it safe), send a CSR, sign and
> return a certificate to them as well as the unavoidable technical support
> involved makes this an unattractive option to large institutions because the
> average Internet denizen isn't expected to know how to do this stuff The
> Right Way.
>
> P.S.
> IMHO, this conversation applies to PKI, X509 client authentication and even
> password authentication... all of these mechanisms boil down to the fact
> that there is some entity that knows who the user is and that your server
> will have to take a leap of faith at some point to trust that the user
> sitting at the keyboard is who they say they are.
>
> --
> Daniel Ruggeri
>
>

Re: Proposed: PKI Authentication for secure web access

Posted by Daniel Ruggeri <DR...@primary.net>.
On 11/20/2010 2:39 PM, Rob Lemaster wrote:
> Thanks for the link Issac. If this is already in Apache, why isn't
> everyone using it?
>
>
> On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand <ma...@beamartyr.net> wrote:
>
>> Nope, you have full x509 based authentication out-of-the-box.  See
>> http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients
>>
>>   Issac
>>

For those who have a real security need to authenticate their clients in 
this way, and are willing to accept the hassles of this method, it is 
definitely used. However, the idea that a bank or paypal would issue 
certificates for each of its end users can get cumbersome very fast. 
See, the private key would be managed by the user. Users (and even some 
server administrators) are terribly poor at managing their private keys 
in a safe and secure fashion. Some potential complications are a user 
switching browsers, a user switching computers, a user's key becoming 
compromised, loss of the key, etc... On top of that, the signing 
institution would need to be able to keep track of certificates it 
should no longer accept via CRL's and have infrastructure ready to 
verify the cert is still valid.

Essentially, the logistics of getting END USERS to generate a key of 
appropriate size (and getting them to keep it safe), send a CSR, sign 
and return a certificate to them as well as the unavoidable technical 
support involved makes this an unattractive option to large institutions 
because the average Internet denizen isn't expected to know how to do 
this stuff The Right Way.

P.S.
IMHO, this conversation applies to PKI, X509 client authentication and 
even password authentication... all of these mechanisms boil down to the 
fact that there is some entity that knows who the user is and that your 
server will have to take a leap of faith at some point to trust that the 
user sitting at the keyboard is who they say they are.

--
Daniel Ruggeri


Re: Proposed: PKI Authentication for secure web access

Posted by Rob Lemaster <rk...@gmail.com>.
Thanks for the link Issac. If this is already in Apache, why isn't
everyone using it?


On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand <ma...@beamartyr.net> wrote:

> Nope, you have full x509 based authentication out-of-the-box.  See
> http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients
>
>  Issac
>

Re: Proposed: PKI Authentication for secure web access

Posted by Issac Goldstand <ma...@beamartyr.net>.
On 20/11/2010 22:19, Rob Lemaster wrote:
> Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I
> would like to use PKI for user authentication like you can in SSH on
> top of the encryption provided by HTTPS. The most secure option I see
> available for web authentication currently is OTP tokens (RSA,etc)
> that only work on one web site.
>
> thanks,
> -rob
>
Nope, you have full x509 based authentication out-of-the-box.  See
http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients

  Issac
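The mod_ssl client-certificate setup that Issac points to in the 2.2 "allclients" how-to, extended with the revocation check Daniel raises and the auto-registration-from-certificate-details that Graham describes. This is an added example, not configuration from the thread or from the httpd project; the hostname, file paths, CA name and DN values are assumptions.

```apache
# Added example (not from the thread): one httpd 2.2 virtual host that
# authenticates browsers by X.509 client certificate via mod_ssl.
# All names and paths below are assumed for illustration.
<VirtualHost *:443>
    ServerName intranet.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/intranet.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/intranet.example.org.key

    # Trust anchors for client certs: the in-house CA's certificate.
    # Issac's self-signed case works the same way: append the self-signed
    # client cert itself to this bundle, because it is its own issuer.
    SSLCACertificateFile  /etc/ssl/ca/in-house-ca.pem

    # Depth 1: the client cert must be issued directly by a CA in the bundle.
    # Depth 0 would accept only the self-signed certs listed in the bundle.
    SSLVerifyDepth 1

    # Revocation, the "portcullis" Graham mentions: a lost or compromised
    # key stays valid until expiry unless its cert appears on this CRL.
    # (httpd 2.4 additionally needs "SSLCARevocationCheck chain".)
    SSLCARevocationFile   /etc/ssl/ca/in-house-ca.crl

    # Demand a valid client cert on every request; the TLS handshake fails
    # otherwise, so unauthenticated clients never reach the application.
    SSLVerifyClient require

    <Location /app>
        # Narrow trust to specific certificate contents. The CA signed these
        # fields, so the browser cannot alter them to widen its access.
        SSLRequire %{SSL_CLIENT_S_DN_O} eq "Example Org" \
               and %{SSL_CLIENT_I_DN_CN} eq "Example In-House CA"

        # Expose the cert's e-mail address as REMOTE_USER so the application
        # can auto-provision an account from the cert, with no password store
        # and no separate user directory to keep in sync.
        SSLUserName SSL_CLIENT_S_DN_Email
        SSLOptions +StdEnvVars
    </Location>
</VirtualHost>
```

Test with `openssl s_client -connect intranet.example.org:443 -cert client.pem -key client.key` before pointing a browser at it, because browser error messages for a rejected client cert are as unhelpful as Stefan notes.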

Re: Proposed: PKI Authentication for secure web access

Posted by Rob Lemaster <rk...@gmail.com>.
Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I
would like to use PKI for user authentication like you can in SSH on
top of the encryption provided by HTTPS. The most secure option I see
available for web authentication currently is OTP tokens (RSA,etc)
that only work on one web site.

thanks,
-rob

On Sat, Nov 20, 2010 at 5:37 AM, Graham Leggett <mi...@sharp.fm> wrote:
>
> Is there anything here that isn't already done by X509 client certificates,
> as offered by mod_ssl?
>
> Regards,
> Graham

Re: Proposed: PKI Authentication for secure web access

Posted by Graham Leggett <mi...@sharp.fm>.
On 20 Nov 2010, at 10:27 AM, Rob Lemaster wrote:

> SSH allows a user to create a public/private key pair and use that for
> authentication. This is much more secure than simply using passwords
> and adds the ability to add 'something you have' for multi-factor
> authentication. I propose that the same functionality would be enabled
> for web authentication.
>
> This functionality would require support on the server and in the
> client browser. The server would need to have the ability to store and
> recognize public keys for authentication. The client browser would
> need to have the ability to create public/private keys and store them
> securely. It would also need to have the ability to copy the keys to
> other computers (home/work) or store them on a USB thumb drive for
> remote access.
>
> This functionality would be used primarily for web sites that require
> secure authentication, such as banks, Ebay, and Paypal.
>
> Do you think this is a good idea?

Is there anything here that isn't already done by X509 client  
certificates, as offered by mod_ssl?

Regards,
Graham
--