Originally created by Tails on #5763 (Redmine)
The Monkeysphere project now proposes a working infrastructure (validation agent, Iceweasel plugin) for validating HTTPS certificates using the GnuPG web-of-trust.
We now install
into the system. Monkeysphere is setup to use a hkps:// keyserver.
Next things to do
We have to wait for a decision regarding which candidate(s) we want to support for the web browser profile with no CA (#5766 (closed)).
The key problem is… the key: monkeysphere trusts a server’s key if and only if it is signed by a fully trusted key. I think there are two usecases out there:
The people who use (asymmetric) GnuPG in Tails already deal with their keyring and its persistence (#5910 (closed)). They would have to sign the keys for the servers they want to authenticate, persist their keyring somehow, and be done with it.
Quite harder. These ones won’t bother signing keys and so on. They still might be interested in Monkeysphere but they will need to rely on an external authority to sign server keys. As Tails users they already (hopefully) trust Tails developers not to add spyware to this system. They might as well trust them to carefully verify and sign server keys. A possibility is then to mark our own key as fully trusted in the default amnesia user pubring.
Thinking a bit more about it, I’m quite strongly opposed to do that: it would put the Tails developers’ signing key into a "single Certification Authority" role, which I consider to be unhealthy. Trusting the same people and technical infrastructure for software and server authentication is a bit too much and would make the whole Monkeysphere idea meaningless, kind of. —intrigeri
Note: due to Tails developers incapacity to carefully check that many keys with reliable trust-paths, Tails out-of-the-box Monkeysphere support for https will be quite poor. This can be seen as a problem; on the other hand it demonstrates how weak the servers authentication process really is unless you take care of it yourself and reclaim your trust-paths!