-
-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test nk3 related hotp-verification patches upstream (unpaid by Nitrokey) #1866
Comments
The one i'm the most interested (Heads maintainer), per defined priorities at Nitrokey/nitrokey-hotp-verification#36 (comment) is Nitrokey/nitrokey-hotp-verification#46, starting with it. |
Ha. segfaults on nk2/lk Nitrokey/nitrokey-hotp-verification#46 (comment) |
Finally got an understanding that it doesn't make sense to not set a pin if no default pin is set at Nitrokey/nitrokey-hotp-verification#46 (comment) |
There is still two pins instead of one at Nitrokey/nitrokey-hotp-verification#44 (comment) |
A lot of misunderstanding around Nitrokey/nitrokey-hotp-verification#45 around related issues. There is no need to change pins if there is only one secure app pin which if locked requires reset, as opposed to gpg pins..... Seems like nitrokey attempts to reinvent the wheel and do patches on top of bad design. Let's review what worked before here instead of under their issues and PR, since I'm not going to participate but sporadically more and more feeling like https://vimeo.com/800938284 Under gpg:
On devices prior of nk3
Nk3:
Therefore.
TLDR...... hotp-verification should
@daringer this is heads requirements. Consequently. hotp_verification should also stop presenting false or misleading information:
That's it. Added number of hours spent on this prior of even implementing changes needed under heads, feedback received after feature freeze original date set to 2024-11-20. Everything will land in my hands at the same time, I hope everyone will understand that it's not how things should work for healthy iterative development. Tag bounty added. |
We seem to finally have an understanding (Nitrokey/nitrokey-hotp-verification#39 (comment)) that:
Therefore:
Please confirm that we have same understanding @sosthene-nitrokey @daringer @nestire and this actionaable where I can only plug in change of commits and go forward in this issue which is aimed to test until mergeable and not causing regression for nk3. On my side I implemented a workaround for now for gpg output of PINs prior of asking to unlock openpgp smartcard for signing (showing GPG User PIN rety count left before User PIN locks see latest video output #1863), and reduce support request volumes, and will apply proper safeguards under Heads as started under #1850. |
Another 5 hours today, customizing messages on Heads side and testing reset APP_SECURE_APP PIN in oem-factory reset since Adding 5 hours to the 15 in OP. |
5 hours testing Nitrokey/nitrokey-hotp-verification#43 Nitrokey/nitrokey-hotp-verification#46 under #1850 Modifying OP from 20h hours of work to 25h |
5 hours Nitrokey/nitrokey-hotp-verification#46 (comment). Changing op from 25h to 30h |
hotp-verification still not version bumped. Not doing anything. Waiting. Seems like this work won't be paid. |
Version bump testing under heads, plus testing of some commits upstreamed not part of 1.7 resulting of issue Nitrokey/nitrokey-hotp-verification#52 and other issues/PR testing under #1875 staging PR 10h more, modifying op to 40h |
Nitrokey/nitrokey-hotp-verification#51 Nitrokey/nitrokey-hotp-verification#47 are not part of hotp-verification 1.7 version bump and untested from my side. Waiting for Nitrokey/nitrokey-hotp-verification#41 Nitrokey shouldn't expect another 40h of work on my side to fix their things. As said in all those PR/issues, if this is Nitrokey decided way to collaborate, I expect Nitrokey to open PR under Heads side with tested code prior of Heads merging things upstream, not the other way around anymore without a legally bounding contract with proper seperation of duties and legal responsabilities. |
Pending fixes to be pushed under Heads by Nitrokey team forward Nitrokey/nitrokey-hotp-verification#52 (comment) I will relay issues opened by Heads users to Nitrokey forward this message. My time won't be compensated by Nitrokey. |
Physical presence requirement removal under nk3 firmware will be done later on and is under nitrokey responsibility to provide code changes under Heads in the future. Comment left at Nitrokey/nitrokey-hotp-verification#41 (comment) Which is copy of previous comment. No, it was not code I requested for fun. Nor did I spent 40 hours here because of caprice. All of the work done here on my side, including bug report, PR involvement and testing under heads were to fix regressions caused by nk3 regressions when compared to librem keys or nk2/nk1. Not going to be paid for that work nor work having led to security bug fix of hotp-verification 1.6 and nk3 firmware 1.7.1: https://www.nitrokey.com/blog/2024/heads-v25-and-nitrokey-3-firmware-v171-security-update Tldr:
Learned. 60h of unpaid work because unplanned? As if I planned this and it was caprice? OK. We agreed that we disagree. Moving on. But not going to repeat this ever again though. |
…sion bump output parsing for <nk3 As tested working with old librem key fw 0.10: works Log entry of additioanl 30 minutes for linuxboot#1875 (I cannot not fix with my time @jans23 linuxboot#1866, since nk3 is not the only dongle support by Heads) Signed-off-by: Thierry Laurion <[email protected]>
…sion bump output parsing for <nk3 As tested working with old librem key fw 0.10: works Log entry of additioanl 30 minutes for linuxboot#1875 (I cannot not fix with my time @jans23 linuxboot#1866, since nk3 is not the only dongle support by Heads) Signed-off-by: Thierry Laurion <[email protected]>
…sion bump output parsing for <nk3 As tested working with old librem key fw 0.10: works Log entry of additioanl 30 minutes for linuxboot#1875 (I cannot not fix with my time @jans23 linuxboot#1866, since nk3 is not the only dongle support by Heads) Signed-off-by: Thierry Laurion <[email protected]>
…IN is detected Additional 0.5h for applying changes linked to code review under linuxboot#1875 Linked to Nitrokey unacknowledged RfP linuxboot#1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.) Signed-off-by: Thierry Laurion <[email protected]>
Focusing on PR content, see PR to follow white rabbit on security/UX/oem issues they solve:
Add support for nitrokey 3 distinction between the secrets app firmware and the device firmware versions Nitrokey/nitrokey-hotp-verification#43
Add pin-info command Nitrokey/nitrokey-hotp-verification#44
Add nk3-change-pin command Nitrokey/nitrokey-hotp-verification#45
Add reset command for nitrokey 3 Nitrokey/nitrokey-hotp-verification#46
hotp_verification version bump plus upstream commits not part of 1.7 under hotp-verification 1.7+non-versioned bump commit (suppression of touch status) still wrong and still repeats itself Nitrokey/nitrokey-hotp-verification#52 to suppress bogus touch related output still not being clean
40h of work and counting. Will edit.
2024-12-16: Heads-->Nitrokey work highlighted above still refused to be paid in totality without fighting as of now.
Will have call with @jans23 Tuesday 2024-12-17 after mail exchanged but dismissed, to see if we can arrive to respectful collaboration or not for the future.
In all case, in absence of co-beneficial agreement (mutualism), I will not test Nitrokey code unless it's associated to a PR under Heads from now on since Heads related work should be paid. I'm responsible for Heads, and time must be recognized/valued/paid accordingly Heads partnership should be based on biological concept of mutualism and nothing else. This work, in this issue, should not be confounded with what should be expected to be paid by profit sharing agreement (maintenance and new board porting collaboration related only). If i'm expected to fix Nitrokey stuff, then Nitrokey must pay for the past, present and in the future.
If no mutualism is possible with Nitrokey, at bare minimum commensalism would be expected.
But in no case I will tolerate parasitism from Nitrokey.
Heads usage of Nitrokey based devices started by mutialism with Purism partnering with Heads in 2018 to ease remote attestation through reverse HOTP secret sealing on USB security dongles of their rebranded Nitrokey 1 pro devices, details at https://www.linuxjournal.com/content/tamper-evident-boot-heads. Mutualism could happen again if Nitrokey recognizes their responsibility in making tamper evidence a priority again, but there is not much more of my free time I can invest into this nk3 where absolutely no collaboration from Nitrokey toward Heads (Nitrokey->Heads participation in code/money) and Where Heads invested too much time (Heads->Nitrokey) for this to be considered anything else than parasitism from my perspective at this point.
If not comfortable about those biology principles, make your head reading https://biodifferences.com/difference-between-mutualism-commensalism-and-parasitism.html
@jans23 donations expected otherwise expect less collaboration from me in the future, and future security issues discovered on my side will be associated with a CVE. I learned my lessons, and won't hesitate on going public following ethical disclosure, which i did. This was discussed in chat, in person, you don't seem to understand.
This is me reminding you that the nk3 is not a novelty product and used for security purposes, here under Heads for remote attestation. This remote attestation, through reverse HOTP to a usb security dongle under Heads, always required: authentication, reset and provisioning capabilities, and since forever forwrd plans discussed many times in the past to reduce OEM provisioning time, unattended reset+automated secret provisioning to augment strength of anti-interdiction (both hardware+security dongle in same hipping package) while reducing OEM provisioning costs: reduce time to shipment on OEM side and ease User Re-Ownership frictions while implementing best practices with even diceware passphrases (I shipped this with the Privacy Beast at first shipment back in ~2018, made conferenes about this, and that was what was QubesOS certified.)
If work leading to https://www.nitrokey.com/blog/2024/heads-v25-and-nitrokey-3-firmware-v171-security-update was not compensated in money before (+30h there, didn't count), and as we talked at QubesOS mini-summit 2024 in person, work needs to be paid, otherwise maybe stop selling security promises or pay for security audits not relying on my discoveries that shake trust from the ecosystem and myself into secirity promises, discoveries from my side while testing other things to discover vulnerabilities/bad design/regressions in nk3 over previous security dongles. This impacts myself, Nitrokey, but also partners and the whole ecosystem, resulting in money losses from every support team depending on your security dongles, resulting in issues opened in all partners issue tracking systems, qubesos forum discussions and ping pong games between everyone; meaning downstream/upstream lost time and energies resulting in money loss by being neglectful.
The issues/PR above, and as you can see if clicking on them, needed a lot of involvement (again) ffrom my side, which was not expected/planned. I understand that it was not planned from Nitrokey either, but that is the problem. And work needs to be paid. I never consented to this in this feature freeze, nor what lead to 1.7.1 nk3 firmware when testing improvements on OEM factory reset/Re-Ownership 6 months ago either.
Details of work done here:
This can be tested under #1875 and I won't have time to split it all out, feature freeze discussed was 2024-11-20, and as of 2024-12-11 I'm still waiting for a version bump of hotp-verification to use that commit under Heads.
The text was updated successfully, but these errors were encountered: