forked from 3wordchant/capsul-flask
replace nonsensical namecoin plug with "Why ssh more ssh"
This commit is contained in:
parent
d878a07350
commit
a853eeef69
@ -301,38 +301,32 @@ Host key verification failed.
|
||||
with confidence that they are not being MITM attacked.
|
||||
</p>
|
||||
|
||||
<div class="row half-margin"><h1>It's 2021. Can't we do better than this? What's next?</h1></div>
|
||||
<div class="row half-margin"><h1>Why ssh more ssh</h1></div>
|
||||
|
||||
<p>
|
||||
Glad you asked 😜.
|
||||
SSH is a relatively low-level protocol, it should be kept simple and it should not depend on anything external.
|
||||
It has to be this way, because often times SSH is the first service that runs on a server, before any other
|
||||
services or processes launch. SSH server has to run no matter what, because it's what we're gonna depend on to
|
||||
log in there and fix everything else which is broken! Also, SSH has to work for all computers, not just the ones which
|
||||
are reachable publically. So, arguing that SSH should be wrapped in TLS or that SSH should use x.509 doesn't make much sense.
|
||||
</p>
|
||||
<hr/>
|
||||
<p>
|
||||
> ssh didn’t needed an upgrade. SSH is perfect
|
||||
</p>
|
||||
<hr/>
|
||||
<p>
|
||||
Because of the case for absolute simplicity, I think if anything,
|
||||
it might even make sense to remove the TOFU and make ssh even less user friendly; requiring the
|
||||
expected host key to be passed in on every command would dramatically increase the security of real-world SSH usage.
|
||||
This might already be possible with SSH client configuration.
|
||||
In order to make it more human-friendly again while keeping the security benefits,
|
||||
we can create a new layer of abstraction on top of SSH, create regime-specific automation & wrapper scripts.
|
||||
</p>
|
||||
<p>
|
||||
TLS is great, except it has one problem: the X.509 CA system centralizes power and structurally invites abuse.
|
||||
Power corrupts, and absolute power corrupts absolutely. But there is hope for the future: with the invention of Bitcoin
|
||||
in 2009, we now have a new tool to use for authority-free secure consensus. Some bright folks have forked Bitcoin to produce
|
||||
<a href="https://www.namecoin.org/">Namecoin</a>, a DNS-like public blockchain which is
|
||||
<a href="https://en.bitcoin.it/wiki/Merged_mining_specification">merge-mined</a> with Bitcoin, and which allows users to
|
||||
<a href="https://sequentialread.com/how-to-register-a-namecoin-bit-domain-with-electrum-nmc/">
|
||||
register and trade names, including domain names</a>.
|
||||
In fact, Namecoin features a
|
||||
<a href="https://github.com/namecoin/proposals/blob/master/ifa-0003.md">
|
||||
specification for associating public keys with domain names
|
||||
</a>
|
||||
and easy-to-use client software packages capable of resolving these
|
||||
<a href="https://www.namecoin.org/download/betas/#ncdns">names</a>
|
||||
&
|
||||
<a href="https://www.namecoin.org/download/betas/#ncp11">
|
||||
public</a>
|
||||
|
||||
<a href="https://www.namecoin.org/resources/presentations/Grayhat_2020/Namecoin_TLS_Part_2_Grayhat_2020_Monero_Village.pdf">
|
||||
keys</a>,
|
||||
capable of replacing both the DNS system and X.509 Certificate Authority system.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
For more information on how to get started with Namecoin, see my
|
||||
<a href="https://sequentialread.com/how-to-register-a-namecoin-bit-domain-with-electrum-nmc/">
|
||||
Namecoin guide for webmasters</a>.
|
||||
For example, when we build a JSON API for capsul, we could also provide a <span class="code">capsul-cli</span>
|
||||
application which contains an SSH wrapper that knows how to automatically grab & inject the authentic host keys and invoke ssh
|
||||
in a single command.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
Loading…
Reference in New Issue
Block a user