From a853eeef69bd892e0fe4bdc7c0f8df778023b2f7 Mon Sep 17 00:00:00 2001
From: forest
- Glad you asked 😜. + SSH is a relatively low-level protocol, it should be kept simple and it should not depend on anything external. + It has to be this way, because often times SSH is the first service that runs on a server, before any other + services or processes launch. SSH server has to run no matter what, because it's what we're gonna depend on to + log in there and fix everything else which is broken! Also, SSH has to work for all computers, not just the ones which + are reachable publically. So, arguing that SSH should be wrapped in TLS or that SSH should use x.509 doesn't make much sense. +
++ > ssh didn’t needed an upgrade. SSH is perfect +
++ Because of the case for absolute simplicity, I think if anything, + it might even make sense to remove the TOFU and make ssh even less user friendly; requiring the + expected host key to be passed in on every command would dramatically increase the security of real-world SSH usage. + This might already be possible with SSH client configuration. + In order to make it more human-friendly again while keeping the security benefits, + we can create a new layer of abstraction on top of SSH, create regime-specific automation & wrapper scripts.
- TLS is great, except it has one problem: the X.509 CA system centralizes power and structurally invites abuse. - Power corrupts, and absolute power corrupts absolutely. But there is hope for the future: with the invention of Bitcoin - in 2009, we now have a new tool to use for authority-free secure consensus. Some bright folks have forked Bitcoin to produce - Namecoin, a DNS-like public blockchain which is - merge-mined with Bitcoin, and which allows users to - - register and trade names, including domain names. - In fact, Namecoin features a - - specification for associating public keys with domain names - - and easy-to-use client software packages capable of resolving these - names - & - - public - - - keys, - capable of replacing both the DNS system and X.509 Certificate Authority system. -
- -- For more information on how to get started with Namecoin, see my - - Namecoin guide for webmasters. + For example, when we build a JSON API for capsul, we could also provide a capsul-cli + application which contains an SSH wrapper that knows how to automatically grab & inject the authentic host keys and invoke ssh + in a single command.
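Review bot: In the added paragraph about removing TOFU, the sentence "This might already be possible with SSH client configuration." leaves the paragraph's central claim unverified. The argument depends on the client being handed the expected host key on every invocation, so confirm that it is possible and say how. For example, a per-invocation known-hosts file passed with `UserKnownHostsFile` together with `StrictHostKeyChecking=yes` makes the client refuse any key that was not supplied. In the first added paragraph, "publically" should be "publicly".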
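Review bot: The added capsul-cli sentence says the wrapper will "automatically grab & inject the authentic host keys" but never says what makes the fetched keys authentic. If they come from the JSON API, trust moves to that API's transport, and if the API is served over HTTPS that is the same X.509 CA system the removed paragraph objected to and the first added paragraph says SSH should not depend on. State which channel authenticates the keys, and say that the wrapper aborts when the fetch fails or the presented key does not match, so it cannot quietly fall back to TOFU.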