autonomic-cooperative/capsul-flask
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

replace nonsensical namecoin plug with "Why ssh more ssh"

Browse Source
This commit is contained in:
forest
2021-01-31 02:09:42 -06:00
parent d878a07350
commit a853eeef69
1 changed files with 22 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
capsulflask/templates/about-ssh.html
View File

@ -301,38 +301,32 @@ Host key verification failed.
with confidence that they are not being MITM attacked.
</p>
<div class="row half-margin"><h1>It's 2021. Can't we do better than this? What's next?</h1></div>
<div class="row half-margin"><h1>Why ssh more ssh</h1></div>
<p>
Glad you asked 😜.
SSH is a relatively low-level protocol, it should be kept simple and it should not depend on anything external.
It has to be this way, because often times SSH is the first service that runs on a server, before any other
services or processes launch. SSH server has to run no matter what, because it's what we're gonna depend on to
log in there and fix everything else which is broken! Also, SSH has to work for all computers, not just the ones which
are reachable publically. So, arguing that SSH should be wrapped in TLS or that SSH should use x.509 doesn't make much sense.
</p>
<hr/>
<p>
> ssh didnt needed an upgrade. SSH is perfect
</p>
<hr/>
<p>
Because of the case for absolute simplicity, I think if anything,
it might even make sense to remove the TOFU and make ssh even less user friendly; requiring the
expected host key to be passed in on every command would dramatically increase the security of real-world SSH usage.
This might already be possible with SSH client configuration.
In order to make it more human-friendly again while keeping the security benefits,
we can create a new layer of abstraction on top of SSH, create regime-specific automation & wrapper scripts.
</p>
<p>
TLS is great, except it has one problem: the X.509 CA system centralizes power and structurally invites abuse.
Power corrupts, and absolute power corrupts absolutely. But there is hope for the future: with the invention of Bitcoin
in 2009, we now have a new tool to use for authority-free secure consensus. Some bright folks have forked Bitcoin to produce
<a href="https://www.namecoin.org/">Namecoin</a>, a DNS-like public blockchain which is
<a href="https://en.bitcoin.it/wiki/Merged_mining_specification">merge-mined</a> with Bitcoin, and which allows users to
<a href="https://sequentialread.com/how-to-register-a-namecoin-bit-domain-with-electrum-nmc/">
register and trade names, including domain names</a>.
In fact, Namecoin features a
<a href="https://github.com/namecoin/proposals/blob/master/ifa-0003.md">
specification for associating public keys with domain names
</a>
and easy-to-use client software packages capable of resolving these
<a href="https://www.namecoin.org/download/betas/#ncdns">names</a>
&
<a href="https://www.namecoin.org/download/betas/#ncp11">
public</a>
<a href="https://www.namecoin.org/resources/presentations/Grayhat_2020/Namecoin_TLS_Part_2_Grayhat_2020_Monero_Village.pdf">
keys</a>,
capable of replacing both the DNS system and X.509 Certificate Authority system.
</p>
<p>
For more information on how to get started with Namecoin, see my
<a href="https://sequentialread.com/how-to-register-a-namecoin-bit-domain-with-electrum-nmc/">
Namecoin guide for webmasters</a>.
For example, when we build a JSON API for capsul, we could also provide a <span class="code">capsul-cli</span>
application which contains an SSH wrapper that knows how to automatically grab & inject the authentic host keys and invoke ssh
in a single command.
</p>
<p>