Re: Should we employ WebID authentication only with Self-signed certificates?

+1 on all that Andrei, said below, with one minor comment.

On 31 Jan 2013, at 09:58, Andrei Sambra <andrei.sambra@gmail.com> wrote:

> Hi Yunus, and thanks for showing interest in WebID. I'm responsible for MyProfile so I'll do my best to reassure you about several things.
> 
> I think that what you are fearing here is out of scope in the case of WebID. The whole point of WebID-TLS is to avoid having to rely on a PKI (CA), and in turn move towards a web of trust system, similar to GNU PGP. During the WebID TLS authentication, you never need to check the issuer. 

We still need CAs so that clients can verify the server. This requirement for CAs for server authentication should one
day no longer be the only option, when DANE is adopted in browsers and eleswhere
http://datatracker.ietf.org/doc/rfc6394/
http://datatracker.ietf.org/doc/rfc6698/

> 
> The OpenSSL manual states that error 21 means "no signatures could be verified because the chain contains only one certificate and it is not self signed". This is normal behavior, since MyProfile certificates are issued by a local CA with absolutely no intent to validate this CA by anyone, at any given time. However, error 21 does _not_ mean that your client certificate cannot be verified. The only verification that is performed during the TLS handshake is that your certificate's public key matches its private key. So you see, you can't really have a PKI MiM attack here. :-)
> 
> I hope I've been as clear as possible. If you still need more information, please look up the WebID spec, for details on its TLS authentication. http://www.w3.org/2005/Incubator/webid/spec/
> 
> Best,
> Andrei
> 
> 
> 
> On Wed, Jan 30, 2013 at 3:46 PM, Yunus Durmuş <yunus@yanis.co> wrote:
> Hi,
> 
> The integrity of a PKI certificate is checked by the signature of the CA. If the certificate of the CA is missing in the chain then we can use the WebID authentication (if the certificate involves a WebID URI). However, since we do not trust the CA, we cannot trust the signature either.  As a result, we may authenticate a certificate owner by employing WebID authentication, but we cannot be sure of the integrity of the certificate. Does WebID handle integrity in a different way?
> 
> Detailed explanation is as follows: 
> 
> I am converting EAP-TLS wifi authentication to allow webid authentication and authorization. I use Hostapd opensource software and hostapd uses openssl. 
> When openssl cannot authenticate a certificate, it calls a "verify_callback" method and in which I place webid authentication. Openssl calls the verify_callback method for every error of a certificate in case we may want to apply different security measures. 
> Anyway, if the certificate is self-signed, I get error 18 (self-signed error) and continue with Webid.
> However, if I use a certificate signed by a website, let's say from my-profile.eu, it raises three errors:
> 27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
> 
> 
> the root CA is not marked as trusted for the specified purpose.
> 
> 
> 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
> the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.
> 
> 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
> no signatures could be verified because the chain contains only one certificate and it is not self signed.
> 
> Since the signature of the certificate is created by using private key of my-profile.eu and my-profile is not in the certificate chain, openssl warns me about the above problems. Normally, I was ignoring those and keep going with WebID. However, I realized that error #21 can lead to a man-in-the-middle attack since we are not checking the integrity of the certificate.
> 
> 
> Best Regards
> yunus
> 
> 
> 
> 

Social Web Architect
http://bblfish.net/

Received on Thursday, 31 January 2013 09:07:50 UTC