SSL and TLS: Designing and Building Secure Systems 36
SSL and TLS: Designing and Building Secure Systems | |
author | Eric Rescorla |
pages | 499 |
publisher | AddisonWesley |
rating | 9 |
reviewer | RantyDave |
ISBN | 0-201-61598-3 |
summary | Eric Rescorla talks us through SSL, from firstconcepts thru protocol all the way to example code. |
The Scoop
Until recently SSL was the black art on the Internet. The (not incidental) details were passed around almost as word of mouth leaving only a few individuals actually able to implement secure services and the rest of us staring at ethereal in bewilderment. It stops right here. Eric Rescorla starts at the very beginning and takes us at breakneck pace through to full byte-by-byte implementation of SSL, HTTP over SSL and anything halfway relevant along the way. Written in the tradition of 'TCP/IP Illustrated' expect clear diagrams, copious code samples (OpenSSL and Java) and ruthless attention to detail.What's to Like?
Two words: Horse's mouth. Rescorla is the author of RFC's 2659, 2660 and 2818 (HTTP over TLS). Also the Java PureTLS toolkit (free), ssldump (free), some commercial toolkits and parts of Nokia's SSL offload boxes. In short, he knows his stuff and it shows.One way it shows is that you'll never be short of an explaination. Every third paragraph seems to be why it is that we do something, and for me at least this is almost as relevant as what. This leads naturally over to discussion of the historical perspective of SSL/TLS and a surprisingly neutral standpoint with even our friends in Redmond getting credit where it's due. The correctness also shows with the book being fully up-to-date with the patent and export situations, although obviously this may be subject to a sell by date.
The performance chapter gives actual figures on a variety of algorithms and platforms (mostly FreeBSD and OpenSSL) and is major slashdot fodder.
What's to not Like?
Very little. I would have liked to have seen a brief mention of (/usr/ports/security/)stunnel as a quick'n'dirty SSL wrapper or offload box. I also found the line-by-line coverage of mod_ssl's session caching code (end of appendix A) a bizarre choice - or are we being given hints towards transparent failover?What's to Consider?
This is a large, complex subject and although the writing is clear, you're looking at a long and fairly steep learning curve. If your hope is to get mod_ssl up and going on a cable modem, this is not what you need. If, OTOH, you were looking to contribute to mod_ssl, this would probably be a good starting point.This is no quick fix or howto, it's about understanding. Be prepared to take a little while and let it all sink in.
The Summary
Hard work, but worth it. Worth the price of admission just to use Chapter 1 as a companion to Cryptonomicon.
Table of Contents
Security Concepts
Introduction to SSL
Basic SSL
Advanced SSL
SSL Security
SSL Performance
Designing with SSL
Coding with SSL
HTTP over SSL
SMTP over TLS
Contrasting Approaches
- Example Code
- SSLv2
You can purchase this book at ThinkGeek.
Keep in mind that... (Score:1)
This is to say that you shouldn't necessarily feel safe because a site allows you to submit information through SSL. The real question is, once the information is safely transited to the online store, how safely is it stored?
SSL/TLS is only a tiny part of the solution (Score:1)
A big problem is that many people assume that if the site is SSL protected, then your data is secure. This is far from the truth! SSL is only a tiny part of the solution for creating a secure web site.
For example, imagine you are entering your credit card info for your favorite online retailer. You see the little lock in the corner of your browser. Maybe you are one of the very few people who actually double-clicks on that lock to view the information about your SSL session and the servers certificates. Heck, maybe you're really smart and even have server certificate revocation checking enabled (assuming your browser supports it.) You're happy that your credit card information is being encrypted and is safe as can be.
But in reality, that credit card number is only encrypted as it travels from your web browser to the web server. As soon as it hits the web server, it is decrypted. And of course, no ecommerce site uses single webserver for its entire operation. So now your unencrypted credit card number is sent over a network to a datbase. And then it's extracted and sent over the network for validation. And then it's sent over the network to generate your confirmation email (but they nicely X out the last 16 digits to make you feel safe.)
SSL was a nice, easy little system to make people feel secure, but it's time has come and gone. We need a system that will allow -persistant- encrypted data. I want to be able to encrypt data on my web browser, and have it stay encrypted all the way to that back-end database. The web server has no need to decrypt it.
Disclaimer: I work for Entrust. We work on this stuff.
Re:The nastiest bit about SSL... (Score:1)
While I totally agree with you that this is a very nasty problem, I dont understand why you impute a "cash cow" motive to not fixing this. Fixing this problem is non-trivial. The fundamental problem with virtual hosting and SSL is that the ip-address (from the ip-level information) is used by the webserver to derive the decryption key that needs to be used to decode the payload. However, with virtual hosting, the ip-address points to many domain names, and thus is not sufficient information to determine the decryption key. The Host header, which would be useful for this, is encrypted within the payload.
Now, you may argue that the SSL protocol could be "fixed" by taking this information outside of the SSL encapsulation and placing it in a plaintext form (as part of an un-encrypted SSL "header"). This would break the HTTP protocol. If this information is merely duplicated, the problem would be solved - but only for HTTP. Remember that SSL can be associated with any TCP based protocol, and for this solution to work, the SSL client would have to determine which protocol is being used, then determine on the basis of this info, which information would have to be duplicated outside of the encrypted payload. This is not a good engineering solution.
Perhaps you have thought of a better solution?
Re:Can someone clear this up for me? (Score:2)
In any case, the two products do the same thing (ie, turn Apache into an https server) and seem to work just as well, so use whichever you want.
--
Re:What about certificates? (Score:2)
Until it's possible to remember everything you need to know to auth, or everyone carries some token we're not going to have widespread use of anything more than a password.
Re:What about certificates? (Score:2)
On the other hand, we used a private CA, and nobody really squealed about it. Turns out IE and Netscape's handling wasn't so bad.
I agree that this could be another great opportunity for the porn industry to show leadership.
--
Re:Keep in mind that... (Score:1)
Re:The nastiest bit about SSL...opps (Score:2)
My bad.
Re:The nastiest bit about SSL... (Score:2)
So how is it that some Netscape browsers manage to work fine with the wildcard type certificates so few CAs are willing to issue?
Just curious...
--
Sirus Cybernetics Corporation Products-it is very easy to be blinded to the essential uselessness of them by the sense of achievement you get from getting them to work at all. In other words-- and this is the rock-solid principle on which the whole of the Corporation's Galaxywide success is founded--their fundamental design flaws are completely hidden by their superficial design flaws. - Douglas Adams, Hitchhiker's Guide to the Galaxy
Sirus Cybernetics Corporation Marketing Division: A bunch of mindless jerks who'll be the first up against the wall when the revolution comes. - ibid.
The nastiest bit about SSL... (Score:4)
In fact, the way the certificates are designed, only one IP:port may be used for a given hostname, without using bizarre port redirection schemes or (possibly) features found in expensive SSL accelerators (Certs issued by some authorities with wildcards only work for the few using Netscape browsers, and other CAs just won't issue such certificates).
Unfortunately, no commercial site can tolerate having an address that has to specify a port number, not least because firewalls often will not pass traffic to nonstandard SSL ports for security reasons both real and imagined by sysadmins writing firewalling rules. Often the only alternative is to use multiple Internet-addressable IP addresses aliased on a box - this is a total pain in the butt that unnecessarily devours IP space and cripples server farm functionality, and one which by report the SSL working group has obstinately refused to fix, and that is largely responsible for the IANA having to withdraw its proposal that multiple-real-IP virtual servers be replaced with the IP-address saving virtual hostname method, rendered nonfunctional by SSL.
Evidently preserving the cash cow that is represented by the guarantee that a certificate will have to be bought for each and every IP and each and every hostname (or that an SSL accelerator board will be purchased) is considered more important than either functionality or the problems with address congestion.
my three cents (Score:3)
Good to see more security books are coming out and I agree an intro into stunnel [stunnel.org] would have been well worth it. Currently I wrap just about everything under stunnel, X, LICQ, pppd, and I love it. However on the other hand many people who don't understand SSL and are prompted for certificates would likely be offended to see an SSL cert created by something other than Verisign so the author should have attempted to debunk the idea that only Verisign or other vendor cert is law.
Maybe referencing Bruce Schneier's doc either by snippets or including a link to the document [antioffline.com] could've given clarity to those who don't understand some of the overhype about PKI.
Absolutely secure system (Score:1)
1. A system with an encrypted filesystem (rubberhose, perhaps), no external connectivity, in a room coated with a 10-foot thick layer of lead. Rig the case to dump strong acid on the internals when opened, thus destroying them entirely. Write a custom BIOS to use a specific sector on the hard drive to boot from, without any possibility of changing it. Compile the kernel to run only signed binaries, with a 2,048-bit encryption system for the signature. Etc.
or
2. Take hammer. Pound computer into small pieces. Repeat until satisfied.
Re:Absolutely security (Score:1)
Re:Can someone clear this up for me? (Score:2)
thinkgeek url (Score:3)
Re:Can someone clear this up for me? (Score:2)
I've been using IBM's implementation of Apache for pretty much everything *NIX. It has pretty much everything you need built-in (including SSL) and setting up the certs (self-signed or otherwise) can't get much easier. It even has an admin site included (if you like using these things) that wades through the soup that httpd.conf sometimes is.
You can find it here: http://www-4.ibm.com/software/webservers/httpserve rs/download.html [ibm.com]
Oh yeah, and it's totally free too (not like Stronghold, etc.).
Stronghold Apache (Score:1)
If you run a business, it's worth the $99 for the license. Otherwise it's a great build of Apache w/SSL that's fun to evaluate.
For those of us who already use Stronghold, this book looks like a great reference book - a must have. I'll be sure to get a copy.
Re:Can someone clear this up for me? (Score:1)
Capturing a public certificate using https (Score:1)
For example, in order to use java to connect to an https server with a selfsigned cert, you first have to import the cert so that it is trusted - but there's no easy way to get that cert in a file unless you control the server in question.
So how do you get the cert?
scam? (Score:1)
Re:I read the book (Score:1)
Okay then. Basically, when you throw a ball into the air, you have to supply a force greater than its weight. The reaction to this is a downward force on the thrower. So, throwing the ball upwards also pushes you downwards by the same amount.
Can someone clear this up for me? (Score:1)
Is mod_ssl the mechanism used to create an shttp connection? I probably should do a search for apache documentation, but I'm hoping the slashdot crowd can help me out the easy way ;-) Is configuring mod_ssl all you need to do to get some information securely from the browser to a middle-tier process? Anyone have links to free resources on the subject, or is the info as hard to find as the reviewer suggests?
Thanks,--d
Well, your fingers weave quick minarets; Speak in secret alphabets;
Re:Can someone clear this up for me? (Score:2)
Well, your fingers weave quick minarets; Speak in secret alphabets;
Re:Can someone clear this up for me? (Score:2)
How, exactly, was it a dumb question? I don't yet have any direct experience with shttp / mod_ssl / ApacheSSL, and I was looking for advice on reading materials *other* than the book being reviewed.
People in a community generally help each other. I know it is difficult for us anti-socal geeks who spend most of our time telling a machine what to do, but could you have just an ounce of respect for another human being in need of assistance?
If a newbie asked me a dumb question about, say, OpenGL, I would rather spend an hour explaining the subtleties than derriding them for their ignorance as you have done.
This is now a real moral plea: slashdotters, get off your high horse. If you know everything there is to know about a system, don't just sit on your pedistal, congratulating yourself on how smart you are... share your knowledge! Be patient with the new guy. Some day, he or she might be in a position to help you out in return.
Sorry for the rant, but I really believe slashdot has some great untapped potential for bringing us togther, and what we have done in the previous couple of posts is shameful.
Well, your fingers weave quick minarets; Speak in secret alphabets;
Re:What about certificates? (Score:1)
I know you can do it with current browsers, but when MIT set up its SSL PKI a few years back, some users had a hard time with the series of dialog boxes involved in getting a certificate. We also had to do a lot of work to get certificate support integrated into Lynx. IIRC there was some issue in getting the same server (or was it CA?) cert to work in both Netscape and IE.
MIT solved the transport issue by setting up its own CA server, where you could type a password into a web form and get a cert in your current browser. No problem with having many valid certs, and you could set them to expire in a short time if desired.
The nice thing is anyone can set up a web server that authenticates MIT users, without needing any special private key.
What about certificates? (Score:2)
Password-access sites have proliferated so much now that it seems SSL certificate-based authentication ought to make a comeback. Does the book talk about certificates much?
Unfortunately, browser support is the main issue holding back certificates; probably too mundane a topic for his book.
Absolutely security (Score:2)
Thanks for all the hard work! (Score:3)
-- .sig are belong to us!
All your
Re:my three cents (Score:1)
The linked article [antioffline.com] has an unfortunate title:
One might interpret this as the 10 risks of PKI that Carl and Bruce aren't telling usSSL x.509 PKI Netscape (Score:1)
Using SSLeay and later OpenSSL, it wasn't that hard, but the interface in my case was quite limited. I can imagine that writing a larger scale client-server system might need a handy reference like this book, I didn't find writing a simple very hard based on Eric Young's example code.
Does it cover digital certificates (X.509) used to verify the players (client, server) are whom they claim to be? If so, does it deal with everyone's favorite security buzzword, PKI?
SSL was not developed as a black art, Netscape published white papers about it right from the beginning. Probabilly still on their site, though I don't know where any more. And the open-source of SSLeay, later OpenSSL (after Eric and Tim joined RSA-Austrilia) had source code and example code, while not the easiest, quite manageable if you understand client server programming and cryptography.
SSL/TLS is not very hard if you know the bits, I take it this book helps those who aren't familiar with those bits.
Re:Myth #1 (Score:2)
Re:Thanks for all the hard work! (Score:1)
heh (Score:2)
i thought that was how to (effectively) bail the water out of your sinking dot com ship
This is a truly fine book (Score:1)
Re:Profligate (Score:2)
1'm s0rry, 1'm 0n th3 0th3r l1ne. (Score:1)