Lightweight alternatives to Google Analytics

Posted Jun 21, 2020 18:21 UTC (Sun) by anarcat (subscriber, #66354)
In reply to: Lightweight alternatives to Google Analytics by pabs
Parent article: Lightweight alternatives to Google Analytics

I'm not super familiar with the details, but there's a similar problem with SSH, I believe. When you authenticate to a server with public key authentication, either the server or the client at some point need to disclose which public keys are authorized or to try to authorize. When we do server authentication (ie. regular HTTPS) this doesn't matter: the site is public and it's not trying to hide its identity, it's trying to *prove* it to the world!

But when you're a client, you have different tradeoffs. You don't want to send that certificate everywhere all the time, because it acts as a unique token that can be used to track you across websites. Firefox has rudimentary protection against this: when I go on a site that wants access to my TLS client cert, it first prompts whether I want to actually authenticate with my cert. But that UI is terrible: it pops open all the time, at random moments, and doesn't remember the "yes I trust this site" checkbox, which seems to do nothing.

It's also not clear to me whether the server actually knows about my client cert at this point or whether the dialog is actually effective in not disclosing my identity. And that's just on firefox, which has some support for TLS client certs. I suspect the situation could be catastrophically worse on other servers.

I will also note that SSH does not have those protections *at all*. It will happily send *all* the public keys it knows about when trying to login to a random server, which is kind of disturbing when you think about it:

$ ssh -v lwn.net
[...]
debug1: Next authentication method: publickey
debug1: Offering public key: cardno:N RSA SHA256:XXXX agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Offering public key: rsa w/o comment RSA SHA256:XXXX agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
[...]

No confirmation prompt whatsoever here. And they would be annoying too... i guess SSH expects you to divulge your public key identity when you connect to a server... but in the wild wild web, it seems like a delicate thing to do, so I wonder if a good usability trade-off is possible at all here.

Lightweight alternatives to Google Analytics

Posted Jun 22, 2020 3:29 UTC (Mon) by pabs (subscriber, #43278) [Link] (1 responses)

IIRC for SSH the solutions to this are either separate SSH agents per identity or the IdentitiesOnly option.

I guess if web browsers wanted to they could easily mitigate this by pinning each cert to the domain it was created for and only ever sending it to that domain.

Also, I wonder if the client cert is in the clear in the TLS handshake, or if Encrypted Client Hello (new name for ESNI) is needed to hide them.

Lightweight alternatives to Google Analytics

Posted Jun 22, 2020 14:58 UTC (Mon) by anarcat (subscriber, #66354) [Link]

> IIRC for SSH the solutions to this are either separate SSH agents per identity or the IdentitiesOnly option.

I suspect near-absolutely no one does this...

> I guess if web browsers wanted to they could easily mitigate this by pinning each cert to the domain it was created for and only ever sending it to that domain.

Assuming they cared about client certs at all...

> Also, I wonder if the client cert is in the clear in the TLS handshake, or if Encrypted Client Hello (new name for ESNI) is needed to hide them.

I would assume the worse. ;)