It's hard to state that a communications channel is "secure" without
defining what it means to be "secure". TLS takes a three-pronged
approach. (For a more in-depth discussion on what the cryptographic
community has determined as being "secure" as applied to a
communications channel, Schneier's Applied Cryptography is a good
read, and it has an extensive bibliography.)
1. Verification that the message received was the message sent (through
   the use of an HMAC).
2. Obfuscation of the message from any passive attackers (symmetric
   cryptography).
3. Identification and authentication of the other end of the
   communications channel (asymmetric cryptography).
Of the three of these, it turns out that the last one (Identification/
Authentication) is the most difficult to implement. (The PKI --
public key infrastructure -- is a difficult concept to grasp, and
very difficult to properly implement. There are many hidden gotchas
involved, and if not designed and managed properly can undo all of
the identification/authentication benefits -- and that is also not an
area that OpenSSL is well-designed to support. It provides tools to
do basic management, but their use is fraught with security-
compromising peril.) (There are other mechanisms available,
including the OpenPGP Web of Trust model, and 'key continuity' [for
those situations where 'who the conversation is with' is less
important than 'the current conversation is with the same entity as
the last conversation I thought I had with this entity'].
Unfortunately, implementing these in OpenSSL is very difficult. SSL
historically relied on X.509 certificates, and that is what OpenSSL
implements.)
The first two (obfuscation and verification) are a function of strong
algorithms and good key selection. The selection of the algorithms
is automated by SSL/TLS, and the selection of keys is essentially
from a random source. Even without absolute knowledge of the
identity of the remote side, the asymmetric cryptography allows for
the keys necessary for HMAC and symmetric cryptography to be
exchanged without giving information about the keys to any
eavesdropper or active attacker (through the use of the anonymous RSA
and anonymous DH/DHE ciphers.)
-Kyle H
On Jul 23, 2007, at 11:38 PM, Urjit Gokhale wrote:
Hello everyone,
I have been writing code to secure my client-server application. It
has been almost a year now, since I entered the world of OpenSSL. I have
been reading about key exchange, symmetric ciphers, certificates etc. and
for that matter I have used all this in the code through the APIs provided
by OpenSSL. But one question that has been coming to mind since quite some
time is:
"Is securing your communication channel so simple?"
Choosing a good size key, selecting a good algorithm ... is that all? It
sounds too simple to be true.
So, what does it really take to secure your communication channel? (at
this point, I am not talking about securing application, as I believe that
it has much vast scope). Just having a long key doesn't seem to be
sufficient, right?
Could someone point me to the literature that I have not read yet? which
explains pitfalls when it comes to securing the communication?
Am I the only one with this question? or did others also have this doubt?
Thanks for all the support I have got from this group,
~ Urjit
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
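
The 'key continuity' model mentioned in the reply above, sketched as an added example (not code from the thread or from OpenSSL). The names `PinStore`, `check` and `demo`, the peer name `server.example` and the certificate byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

FIRST_SEEN, MATCH, CHANGED = "first-seen", "match", "changed"

class PinStore:
    """Key-continuity store: peer name -> SHA-256 of the certificate it last presented."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def _save(self):
        # Write to a temp file and rename, so a crash cannot leave a truncated pin file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)

    def check(self, peer, cert_der):
        """Compare the presented certificate with the one pinned for this peer."""
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(peer)
        if pinned is None:
            self.pins[peer] = seen  # first contact: nothing to compare against
            self._save()
            return FIRST_SEEN
        # A changed key is never accepted silently; the existing pin is left untouched.
        return MATCH if hmac.compare_digest(pinned, seen) else CHANGED

def demo():
    # Constructed byte strings standing in for DER-encoded peer certificates.
    cert_a = b"constructed-certificate-A"
    cert_b = b"constructed-certificate-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        return [PinStore(path).check("server.example", cert_a),  # first contact
                PinStore(path).check("server.example", cert_a),  # later run, same key
                PinStore(path).check("server.example", cert_b),  # key changed
                PinStore(path).check("server.example", cert_a)]  # original pin intact

if __name__ == "__main__":
    print(demo())
```

In a Python TLS client the bytes passed to `check` would come from `ssl.SSLSocket.getpeercert(binary_form=True)`; a `changed` result should stop the connection until someone confirms the new key out of band.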