CAcert needs your help with the following tasks. You can register yourself on this wiki page when you want to work on it.
Priority Tasks:
Other Tasks:
Robust SSH library
A robust library that provides full SSH capabilities (SSH-Tunnels, ...) that can be used in other applications, and the necessary wrappers for common languages like PHP, Perl, ...
Action logging
We would like to have a system that collects login-sessions on Unixoid servers (SSH + local sessions), and asks the administrator what he actually did in that session, to collect a report of who logged in when, how long and what they did.
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
Possible solutions include scripting sudo, using a shell like sudosh with rc script or sudo alternatives like http://www.sudo.ws/sudo/other.html (samj)
- Yes, a sudosh script as an additional mechanism to ease documenting helps, but the main system should also work in case the user does not enter anything in the sudosh script, or does not use sudo at all. Perhaps we will also want to document other actions like file-transfers (scp, sftp) in the future.
- For shells, the BSD script utility might be useful here. ("The script utility makes a typescript of everything printed on your terminal.") (freek)
ELF Signing and ELF-Loader-Signature Verifying
We would like to have X.509 and/or OpenPGP based ELF signing tools and improved ELF-Loaders that can enforce signature verification on load. There are several projects that are working on it, but none seems to be complete yet: http://wiki.cacert.org/wiki/CodesigningCert#head-6bbdb82bb3228b4a676f589f48b9c0e1d1fefff2
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
- Could be interesting to handle validation in userspace and mark validated executables as 'safe' until notified of modification. (samj)
- Yes, caching the validation in a secure way might be helpful for lower-security demands. Higher security demands might want to turn caching off, though.
Maintenance for Havege
Havege should be maintained, improved, packaged and if possible included into mainstream kernels: http://www.irisa.fr/caps/projects/hipsor/
Contact for this task: philipp@cacert.org
- Working on it:
proposal : using havege lib with randomsound or getting ideas from randomsound to feed /dev/random
Secure Compression
We are searching for a compression system (library, ...) which does not contain any checksums, avoids any recognizable structures in the compressed file as far as possible, and where every file is a valid compressed file that can be decompressed correctly. The compression factor should be similar to or better than ZIP, but must not be better than ~ 1:100, even with extremely low entropy files.
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
Depending on application, existing compression & truecrypt or similar could be an option. (samj)
- No, we specifically do not want to use encryption functions to replace compression function. We specifically want a compression function.
- Question: Do you expect decompressing any file and recompressing the result will yield the original file (otherwise you would know that your original file has not been compressed by this library before)? That will make a solution a lot harder. My intuition says it is impossible (or, in other words, it will only work in the trivial case when the compressed files are always the same size as the uncompressed ones, in which case it is no compression but an encryption), but as I fail to prove it mathematically, I might be wrong. Especially if the file may only grow by less than one percent in the worst case (as it is with ZIP).
Answer: No, I would say that we do not need that a decompression and recompression has to yield the original file. And there is one system that proves that it is not impossible: The so called NULL compression. The NULL compression yields the original file
Firefox Extension for HashServer
We would like to have a Firefox Extension that extracts the public key from each certificate Firefox processes, calculates the SHA-1 sum of it, and looks it up in a blacklist that is regularly updated from http://hashserver.cacert.org/. In case a compromised key is found, the user is alerted.
Contact for this task: philipp@cacert.org
Working on it: david.tamas@phpheaven.hu (G-Lex)
Encrypted Logfiles
We need a solution for Syslog, Apache and potentially other applications to automatically encrypt all their logfiles to a given public key. We already thought about other solutions like serial links to a dedicated syslog server, or syslog over TCP, but we prefer to store the logfiles directly on the server where they are created, encrypted to a public key. The secret key to decrypt the logfiles should be generated on a dedicated machine. In demand of logfile auditing, the encrypted logfiles should be copied to the dedicated machine, where they can be decrypted and audited. An attacker that succeeds to gain access to the webserver should not be able to decipher the logfiles on the server. All logfiles on the server can be encrypted to the same public key, we currently don't need different settings per logfile. It should be easy to deploy it on a normal Debian+Apache+Postfix server, to install the software and deploy the public key, and to have all logfiles encrypted from then on. Compatibility with OpenPGP Public keys (or X.509 certificates, or even SSH keys) is preferred, but not a requirement. (Perhaps GnuPG can be used directly by syslog in some way?).
Contact for this task: philipp@cacert.org
Working on it: nagy.gergely@gnanet.net (GNA)
- Comments:
- First, we should somehow separate the discussions from the tasklist
- We could also use hybrid encryption with regular rekeying of the symmetric key. I think we could encrypt several lines in the logfile together. (Maybe I'm too few to it, but what is hybrid encryption in this context? -GNA) (hybrid encryption = random session key for symmetric encryption + asymmetric encrypted session key. See OpenPGP or S/MIME for examples) I have read a bit about that, so I understand. Still I have problems how to implement it in a data stream like syslog. I would need to create logchunks which would be then separated into small sets of logfiles that can be encrypted. In that way we would not need anything other than gpg in asymmetric mode, but we would get a lot of logfiles. Still, because I'm not a programmer there may be a point I'm missing.
- Maybe we should go another way: let the logs be created with symmetric encryption so they can be encrypted byte-by-byte, but afterwards let a hashing algorithm create an integrity sum, and store the first hash in a safe place. Then we have encrypted logs, and can check for integrity. (-GNA) - I haven't found any safe places for storing hashes yet. Perhaps TPMs could help there, but I doubt it. And hashes only provide tamper-evidence, not tamper-prevention. - I only thought the symmetric encryption would be tamper prevention, and the hashing (like in mysyslog) would do the integrity.
- Another solution might be to use existing infrastructure by generating a random symmetric key at boot, encrypting the key to the public key and storing it, then using it to create an encrypted filesystem and protecting that filesystem from reads (eg make it write only using eg an LSM). Also check out TPMs. Sounds complicated though when syslog could be used. [samj]
- The main objective is confidentiality. Integrity is optional. Perhaps OpenPGP is able to concatenate several encrypted packages after each other in a single file. So perhaps you can encrypt every line, and simply add it to the logfile. Since OpenPGP is packet oriented, it might work.
Potential solution: http://www.balabit.com/network-security/syslog-ng/ Potential solution: http://ecryptfs.sourceforge.net/ (if it can (be made to) work on public keys alone)
Perhaps ccrypt (comes with Ubuntu) could be used?
Translatable Wiki
Please read http://svn.cacert.org/CAcert/HowTo/HowTo_Translingo.pdf and try it out on www.Translingo.org We are searching for a Wiki engine that is able to either use Translingo to translate the contents on the wiki, or to do a similar translation system internally. Please search for Wikis with translation functionality, test them, and provide a report about it.
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
Potential solution: Drupal http://drupal.org/project/drupal_wiki http://drupal.org/handbook/modules/translation
- Google Translation APIs are now available which could do this at runtime and/or cache pages (samj)
- URL to google translation APIs please.
Here it is: http://code.google.com/apis/ajaxlanguage/
Subversion Mimetypes
Find a solution to automatically set the mimetypes of newly added files (.pdf -> application/pdf , ...) on the subversion server. The problem we have is that we have too many different users with too many different clients, so it's impossible for us to tell every user to configure their client correctly to send the mimetypes correctly in the first place. Most clients automatically send application/octet-stream as mimetype, which makes the Apache-modsvn access difficult for the users.
Contact for this task: philipp@cacert.org
- Currently working on it: J.Steijlen
- Comments:
LUKS Security
Find a solution to tell LUKS/DM-Crypt in case of emergency to wipe all the keys in memory, block disk access, and ask for the passwords on the console again. Perhaps a /proc file interface like /proc/sys/dmcrypt/emergency would be helpful.
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
- Since a script will likely be talking to /proc, why not do this in a script to start with? Good idea nonetheless. (samj)
- How can a script wipe the keys inside the kernel? With /dev/mem or /dev/kmem ?
Assumption was that the tools themselves (eg for unmounting) would do this but they could fail... you basically want a forced umount which prefers confidentiality over integrity. Hook that to an internal (USB?) accelerometer, a photodiode, case intrusion switch and a microphone for good measure and you'd make life *very* difficult for an attacker (samj)
- Unmounting isn't a good option, since it breaks running applications. Instead of unmounting, it should wipe the keys in memory and block all disc accesses until the password is entered again. That way the applications do not need to crash.
LUKS Robustness
Currently LUKS is usually using hardcoded devicenames, which causes a problem when race-conditions result in randomly different devicenames upon booting (/dev/sda <-> /dev/sdi). In those cases LUKS doesn't find the encrypted harddisk anymore, and can't boot. Find a solution so that LUKS does not depend on the hardcoded values anymore (perhaps still use them as default for the first try, but if the encrypted partition isn't found there, then fall back to searching for it on all other available devices). The solution should then be incorporated into Debian and Ubuntu (which are both affected by that problem).
Contact for this task: philipp@cacert.org
- Working on it:
New Blog Software
A task for our new sysadmins: We are thinking about migrating blog.cacert.org to Mephisto: http://mephisto.stikipad.com/ Please setup a Wordpress installation, create a few users, post a few blog-entries. Then try a migration to Mephisto, and see how it behaves. Create a Debian package for Mephisto in case there is none yet.
Desirable Requirement: X509 authentication
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
I had bad experiences with mephisto in the past. I reported some trivial xss and they didn't manage to fix it for a long time (CVE-2007-1873). My suggestion would be serendipity (http://www.s9y.org), I reported some exotic xss to them and their security practice was always okay. (Hanno)
- Created an account at wordpress.com for testing - could be used for main page of site given recent outages. (samj)
Testsystem Image
We currently have a single testsystem on the internet: https://www.test1.cacert.at/ The sourcecode of the website is available on http://www.cacert.org/src-lic.php but it's very hard to setup into a working environment. We would like to have a VirtualBox/Qemu/VMWare image which includes a whole testsystem, so that every developer can easily setup a testsystem on his own machine, and that the developers don't interfere with each other.
Can we please document the version control and processes used to deploy new version? I think a system image that had the ability to svn pull the latest updates would be good so our developers aren't constantly needing to pull a new image.
Contact for this task: philipp@cacert.org
Working on it: amery@cacert.org
Secure VPN
We are searching for a vendor that is able to deliver a secured Point-to-Point VPN solution that is designed for high-security environments. We are interested in 2-4 VPN boxes, with the following requirements: Strong casing, hardened TCP/IP stack, double encryption, no web-frontend, no IPSEC, independent security reviews (sourcecode availability preferred). Layer 2 bridging availability would be great. Must not allow internet access for any of the 2 networks that are connected through the VPN. It would be preferred to have the VPN in a Network-HSM style casing. A potential product: http://www.flexsecure.de/ojava/tunnelbox.html
Contact for this task: philipp@cacert.org
- Working on it:
Evaluate Sympa / Maillist requirements
Sympa promises to provide a searchable archive, x509 capabilities, better ACL, a better interface, and much more. Please evaluate those features, and a migration of Mailman to Sympa for the CAcert infrastructure.
- Contact for this task: daniel
- Working on it: daniel (installation, admin, coordination)
- Working on migration mailman to Sympa: Clement Herssens as per sysadmin list dated 1 July 2008
- Comments (general configuration):
See post to sysadm list about http://sysadmin.ie deployment (samj)
- List archiving)
At the moment we are providing the standard mailman archive, but since we don't want to make it fully publicly accessible (spidering, spamming, ...), it's currently login protected for members of the mailinglists, and Google and other search engines can't index it and make it searchable. The standard archive interface of Mailman doesn't provide searching, so finding a solution for giving our users a search-interface to the mailinglist archive would be the idea.
- Comments (searchable archives)
- Many of our discussions are interesting for the community at large, and as someone who has invested hundreds of hours into them I would rather this be available to other similar efforts. Google Groups support archiving and prevents email harvesting. Implementation is trivial, by creating a group, setting it to archive mode and subscribing a specified email. (samj)
We sometimes get requests to remove personal details that were accidentally sent to the mailinglist from the archive. Does Google support that? Yes, there are standard management functions. See http://media.aos.net.au/screenshots/google-groups-remove.png
Suggest migrating to Google Groups and running existing archives through a scan for emails, replacing them with mailhide links (http://recaptcha.net/apidocs/mailhide/) and putting them online for search assuming there are no concerns about publishing existing content. (samj)
- Comments (spam)
- Moderation sucks - it is a conversation killer. If it smells like spam then bin it. (samj)
- Spam is being moderated, non-spam is delivered unmoderated. Unmoderated Spam-Filters are conversation killers.
- Still, having mails held for whatever reason (attachments, size, etc.) means you are put in a holding pattern. It also generates work and we have limited resources already. (samj)
Bugs.cacert.org
All public CAcert services should support X509 authentication / registration either directly or via OpenID or similar technologies.
Contact for this task: daniel@cacert.org
- Working on it: none
- Comments:
- Rely on mod_ssl to set variables like SSL_CLIENT_S_DN which can be compared to user email in mantis. User signup form should drop email field and pick it up from here instead, so users can sign up automatically using certs too. Should be trivial code changes. (samj)
- Needed Code-changes should go into the official packages
Ok so it seems the path of least resistance for us wrt solving many of the interoperability problems and 'eating our own dogfood' is to use gnutls with apache (rather than mod_ssl) and hack cacert.org, mediawiki, wordpress, etc. to consult the SSL_CLIENT_S_AN% variable(s) for any prefixed with "RFC822NAME:" (or perhaps for simplicity just use SSL_CLIENT_S_AN0): http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#environment-variables (samj)
mod_ssl seems to have variables too: http://httpd.apache.org/docs/2.0/mod/mod_ssl.html. http://trac.roundcube.net/ticket/1485224 contains an implementation for another service. I guess here we would just say "you've presented this certificate - complete registration with xxx email address?"
- Actually once the cert is presented you can force them through registration without bothering them with probes etc. This is one of the big advantages of certificates (and OpenID). On the other hand people should still be able to /view/ the bugs without having to jump through hoops.
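One way to read these variables safely, as an added example (not CAcert's code or that of any project named above): an address is accepted only when `SSL_CLIENT_VERIFY` reports `SUCCESS`, it is taken from the `RFC822NAME:` entries in `SSL_CLIENT_S_AN<n>` or, failing that, from mod_ssl's `SSL_CLIENT_S_DN_Email`, and the raw DN string is never searched for an address. The function names, sample requests and account table are constructed, and it is an assumption that mod_gnutls sets `SSL_CLIENT_VERIFY` the way mod_ssl does.

```python
import re

# Variable names: SSL_CLIENT_S_AN<n> and the "RFC822NAME:" prefix are the
# mod_gnutls convention quoted above; SSL_CLIENT_VERIFY and
# SSL_CLIENT_S_DN_Email are mod_ssl variables (assumed set by mod_gnutls too).
SAN_VAR = re.compile(r"SSL_CLIENT_S_AN(\d+)")
SAN_PREFIX = "RFC822NAME:"
# Deliberately strict: a single address, no whitespace, commas or brackets.
EMAIL = re.compile(r"[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+")


def verified_emails(environ):
    """Return the e-mail addresses asserted by a verified client certificate."""
    # With optional client verification the certificate variables can be
    # filled in for a certificate that did not chain to a trusted CA
    # (mod_ssl then reports GENEROUS or FAILED:...), so check this first.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return []

    numbered = []
    for name, value in environ.items():
        m = SAN_VAR.fullmatch(name)
        if m:
            numbered.append((int(m.group(1)), value))

    candidates = []
    for _, value in sorted(numbered):
        if value.upper().startswith(SAN_PREFIX):
            candidates.append(value[len(SAN_PREFIX):])

    # mod_ssl fallback: the parsed emailAddress component, not a substring
    # search over SSL_CLIENT_S_DN (other DN fields may contain "@" text).
    if not candidates and environ.get("SSL_CLIENT_S_DN_Email"):
        candidates.append(environ["SSL_CLIENT_S_DN_Email"])

    emails = []
    for raw in candidates:
        # Assumption: accounts are compared case-insensitively.
        addr = raw.strip().lower()
        if EMAIL.fullmatch(addr) and addr not in emails:
            emails.append(addr)
    return emails


def account_for_certificate(environ, accounts):
    """Map a verified certificate to exactly one account, or to None.

    `accounts` maps a lower-cased e-mail address to a username.
    """
    matches = {accounts[e] for e in verified_emails(environ) if e in accounts}
    # A certificate naming addresses of several accounts is ambiguous: refuse.
    return matches.pop() if len(matches) == 1 else None


# Constructed sample requests (not captured from a real server).
GNUTLS_REQUEST = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_AN0": "DNSNAME:host.example.org",
    "SSL_CLIENT_S_AN1": "RFC822NAME:Alice@Example.org",
}
MOD_SSL_REQUEST = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/CN=Bob/emailAddress=bob@example.org",
    "SSL_CLIENT_S_DN_Email": "bob@example.org",
}
UNVERIFIED_REQUEST = {
    "SSL_CLIENT_VERIFY": "GENEROUS",
    "SSL_CLIENT_S_AN0": "RFC822NAME:alice@example.org",
}
ACCOUNTS = {"alice@example.org": "alice", "bob@example.org": "bob"}

if __name__ == "__main__":
    for req in (GNUTLS_REQUEST, MOD_SSL_REQUEST, UNVERIFIED_REQUEST):
        print(verified_emails(req), account_for_certificate(req, ACCOUNTS))
```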
community.cacert.org
All internal CAcert services like pop3s/imaps and SMTP should support X509 authentication rather than depending on another username/password. Documented SystemAdministration/Systems/Community. Need to move the comments there.
Contact for this task: daniel@cacert.org
Working on it: daniel@cacert.org (delayed as working on public services has priority)
- Comments:
- Web interfaces are one thing, but assuming one gets IMAPS/SMTP working with client certs (eg using stunnel), client support is your next problem. (samj) (I actually got kmail to do it - dan. It's a good question though)
- How can someone get a certificate if he has to prove that he has access to the mailbox, when he only gets access to the mailbox when he has a certificate?
- Fall back to password auth (e.g. use another address to get a CAcert for the initial connection)
- I would prefer certificate + username + password instead of only certificate, due to possibly compromised client keys and CSRF attacks.
We should be adopting and encouraging best practices - if the client key is compromised then the password typically is too, and you're toast after CSRF anyway so this buys little. If you're paranoid then use a smartcard - CAcert could even offer them as part of a paid membership package ala FSFE (https://www.fsfe.org/card/) and this could be required of assurers. (samj)
- eventually the latest versions of apache (2.2.8?) support OCSP for revocation
The webmail https:// should use X509 authentication (though webmail relies on imap for authentication so it could be interesting) (done - in latest stages of testing and waiting for next roundcube release - see SystemAdministration/Systems/Community).
wiki.cacert.org
All public CAcert services should support X509 authentication / registration either directly or via OpenID or similar technologies.
Contact for this task: daniel@cacert.org
- Working on it: none
- Comments:
- This should be fairly straightforward by picking up SSL_CLIENT_S_DN et al courtesy mod_ssl. As an aside, a section of the wiki for client cert enabling various products should exist. (samj)
Full Disk Encryption for OpenBSD
We could need a full disk encryption system for OpenBSD, preferably integrated into the installation process like Debian/Ubuntu Installer does it.
Contact for this task: philipp@cacert.org
- Working on it:
Syslogging through Vserver
Write a HowTo for piping all syslog messages from all linux-vserver guests to the syslog server on the vserver-host, so that the logfiles are out-of-reach of the linux-vserver guests. Unix-Domain Sockets / Pipes are highly preferred. Up to 30 vserver-guests are needed. Automatic addition of new guests when new vhosts are created would be very helpful.
Contact for this task: philipp@cacert.org
Working on it: daniel@cacert.org
- Comments:
Could this be as simple as mknod'ing /dev/log as you would for a chroot? Close: http://www.paul.sladen.org/vserver/archives/200205/0089.html
Note that a syslogd daemon can setup multiple /dev/log socket. or you can use hard links to setup /dev/log using the root server /dev/log in every vserver. This way, logging would go to the root log files.
- I ended up using just a network syslog on the same box for transition. There were some difficulties with the /dev/log that I couldn't quite work out, though I assume it's still possible.
This could be used in a high security setup, where logging becomes invisible to a vserver (and thus an attacker wanting to cleanup).
Even better with vservers you can do a read only bind mount that gives the original vserver the ability to view its own logs but not modify them (certainly helps the sysadmin working on it).
file /etc/vservers/cacert-mail/fstab: /var/log/IP /var/log/remote none ro,bind 0 0
Also allows you to reexport the log directory into a monitoring vserver still with readonly access.
Database optimisation
Investigate how we can tune our database and the database queries.
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
Currently http://cacert.org/stats.php seems to be generated for each hit (it takes ages). This info should be cached, even if just by using curl/wget from cron to spit out the page every hour/day/etc. There may be other long running queries hurting us. (samj)
- or have a stats table where changes that affect it are caught by a database trigger to update it (daniel).
Unicode
CAcert wants to migrate to Unicode. Please join http://wiki.cacert.org/wiki/UnicodeTaskForce if you are experienced with Unicode.
- Comments:
- New systems should be unicode friendly.
IPv6
CAcert wants to offer its services on both IPv4 and IPv6.
Contact for this task: philipp@cacert.org
- Working on it:
- Comments:
- Most recent distros/packages have IPv6 support that just needs to be enabled. Agreed this is a noble cause. (samj)
- And how would that change the DNS records in the cacert.org zone?
- Our software needs to talk IPv6 before we do anything like that (samj)
For more information : IPv6
CAcert Feature Requests and Bugs
Developers please also see http://bugs.cacert.org/ whether there are any outstanding requests that are missing patches for them. Please develop patches for the open requests. Sourcecode is available from http://www.cacert.org/src-lic.php
Contact for this task: philipp@cacert.org
- Working on it:
Completed / Closed Tasks
Porting CSRGenerator to Win32
We could need a port of the http://wiki.cacert.org/wiki/CSRGenerator to Win32. It would be nice to have an easy GUI for it, where the people can enter the domainnames. Automatic Deployment into IIS would be great too. Win32 version is available here: http://www2.futureware.at/~philipp/CSRGenerator.zip
Data nymisation (obfuscation???) management
(Nymisation is our new word that covers both anonymisation and pseudonymisation. If you know a better word, please let us know) We would like to be able to have a nymisation system, which is able to synchronously nymisate data of various data-transfers and databases for testing and development environments, which supports various different nymisation scenarios. The challenge is that we have several networked applications (CATS, www, secure, tverify, ...) which contain related data, and communicate about related data. For different kinds of tests, we want to be able to apply different rules for anonymisation (eg. some tests don't need any names at all, so we can strip them off completely; for some tests it's enough if we randomly mix all firstnames with each other, or all lastnames, ...). The idea is to create proxies and agents that are centrally managed. The proxies are put in place between 2 systems that are communicating through filetransfer (XML, CSV), HTTP, and potentially other interfaces like RPC, ODBC, ... For training mode, the proxies should pass through all data, and learn the structure of the data that is passed through. When activated through the central management, the proxies anonymise/deanonymise the data according to the rules. The agents are able to load data from one place (database) and store it somewhere else. (Similar to proxies, but active).
httpdate
A Debian package containing http://www.stud.uni-karlsruhe.de/~ucbdo/httpdate.en.html to be run either as a cronjob. I just found an alternative software: http://freshmeat.net/projects/htpd/
Was working on it: JesperZedlitz
- Comments: by Daniel
- Although it's small and does not seem to contain any implementation problems (my perl isn't that strong btw), I think it's got a few design flaws that normal ntp has seen and solved.
- it is dependent on a single time source. There is no comparison or peer selection of the most constant clock.
- it has no mechanism preventing sweeping time changes if the one time server, accidentally or maliciously, changes to a different timezone.
- fails to use adjtimex system call to move to a new time in a tolerable way for most applications.
- (minor) - logging is very poor - no syslogging. If the print statements were changed to syslog there would be an abundance of small changes making log analysis, if we ever get there, really ugly.
- The effort benefit ratio for a deliberate time disruption of a server is fairly low. While it can stuff up some kerberos issues the overall benefit to an attacker is minimal. The attacker may be using a blind attack and therefore won't know the outcome.
- As such I think time adjustment threats would seem to be more accidental than deliberate. This implementation of httpdate has very low resilience to accidental time-server changes. I therefore suggest that NTP in general is far more resilient to the threat environment. Implementations like openntpd have a good security history and hopefully the expose to provoke a thorough security review.
- Ok, second task: Please add HTTP support to NTPD
- Why bother? Is the stateful nature of HTTP so sexy?
- Yes, there are 2 good reasons, the availability and the inconspicuousy of the HTTP protocol.
- does the current situation not support firewall matching UDP rules?
- Some firewalls and firewall admins don't like UDP.
- How do you consider the threat scenario such that HTTP NTP will mitigate the threat?
- An attacker that specifically wants to attack a time/NTP-consuming system
- Is this going to be another stale task like 'Detection for register_globals usage' where we won't implement a 98% percent solution because of some esoteric case and then we lose time?
- httpdate has been packaged already, so we could close this task now.
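The design points raised in the comments above (a single time source, no guard against a sweeping change), sketched as an added example that is not part of httpdate or of the original page: offsets are computed from the `Date` headers of several servers, sources that disagree with the median are discarded, and a large agreed offset is refused instead of applied. The thresholds, function name and sample headers are constructed assumptions; applying the result gradually (for example via adjtimex) is outside this block.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from statistics import median

# Assumed policy values, chosen for illustration only.
MIN_SOURCES = 3        # never trust fewer than this many agreeing servers
MAX_SPREAD = 5.0       # seconds a source may differ from the median
MAX_STEP = 600.0       # largest correction accepted without an operator


def decide(date_headers, local_now):
    """Return ("adjust", seconds) or ("refuse", reason).

    `date_headers` are HTTP Date header values, one per server;
    `local_now` is the timezone-aware local clock reading.
    HTTP dates have one-second resolution and network latency is ignored,
    so the result is only accurate to within a second or two.
    """
    offsets = []
    for header in date_headers:
        try:
            remote = parsedate_to_datetime(header)
        except (TypeError, ValueError):
            continue                      # unparsable header: drop the source
        if remote.tzinfo is None:
            continue                      # no usable zone information
        offsets.append((remote - local_now).total_seconds())

    if len(offsets) < MIN_SOURCES:
        return ("refuse", "too few usable sources")

    # Peer selection: keep only sources close to the median, so one server
    # that is off by a timezone's worth of hours cannot move the clock.
    mid = median(offsets)
    agreeing = [o for o in offsets if abs(o - mid) <= MAX_SPREAD]
    if len(agreeing) < MIN_SOURCES or 2 * len(agreeing) <= len(offsets):
        return ("refuse", "sources disagree")

    offset = median(agreeing)
    # Guard against sweeping changes even when every source agrees.
    if abs(offset) > MAX_STEP:
        return ("refuse", "offset exceeds step limit")
    return ("adjust", offset)


# Constructed sample data: three servers a few seconds ahead of the local
# clock, one server two hours off, and one malformed header.
LOCAL_NOW = datetime(2008, 7, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "Tue, 01 Jul 2008 12:00:02 GMT",
    "Tue, 01 Jul 2008 12:00:03 GMT",
    "Tue, 01 Jul 2008 12:00:02 GMT",
    "Tue, 01 Jul 2008 14:00:02 GMT",
    "not a date",
]

if __name__ == "__main__":
    print(decide(SAMPLE_HEADERS, LOCAL_NOW))
    print(decide(SAMPLE_HEADERS[3:], LOCAL_NOW))
```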
Detection for register_globals usage
Find or develop a solution for a PHP module (perhaps Suhosin or similar) that writes logfile entries with filename+linenumber of all usages of globals that were registered through register_globals. The current detection solution of turning it off and looking for things that break isn't sufficient. Perhaps the tainting concept of Perl helps to solve this task (by tainting all registered globals, and reporting tainted variables on usage).
- Comments:
If this is done then this task can be archived. (samj)