Comments on Moserware: The First Few Milliseconds of an HTTPS Connection

wow!

2011-12-07T11:06:04.808-05:00

wow!

Petri, waldner, Anonymous #31, Ingvar Helg...

2010-12-11T09:11:47.896-05:00
Petri, waldner, Anonymous #31, Ingvar Helgarson, shawn: Thanks!

PJ: They still seem to work for me.

Sanna: I tried my best at HTTPS. Hopefully it was helpful.

mundi: I show exactly how this is done in the code I posted on GitHub. Specifically for your question, see here.

Really good post, but I have a question: Could you...

2010-12-06T06:11:10.280-05:00
Really good post, but I have a question:
Could you write the details of how the MAC is calculated for the finished message in your example?
I have some problems finding out how to do it exactly.
Thanks in advance

Thank you for this great information. Great expla...

2010-11-01T14:49:23.850-04:00
Thank you for this great information. Great explanation of the topic.

Absolutely an eye opener. Incredibly useful post.

2010-04-28T05:02:59.560-04:00
Absolutely an eye opener. Incredibly useful post.

Thank you, thank you, thank you. Just the right l...

2010-03-13T23:15:58.413-05:00
Thank you, thank you, thank you. Just the right level of detail for me, with plenty of links to dive deeper where I'm curious to know more. I wish that many more people wrote as clearly as you--I was informed and entertained!

Super cool! Thank you very much, this is exactly t...

2010-03-06T10:45:40.770-05:00
Super cool! Thank you very much, this is exactly the kind of articles I love reading.

Hey! We were kinda wondering if you can explain ho...

2010-02-23T03:50:26.798-05:00
Hey!
We were kinda wondering if you can explain how SSL works, you seem to know these things pretty good:) We're two Swedish girls and studying information and communication technology, but sometimes all the technical descriptions on the net makes us confused, so maybe you can explain it so we understand. We know it's a long shot, but hey, one can always try:)
Krams
/Sanne and Jolina

I feel that your post is worthwhile of grooming. ...

2009-11-17T16:56:27.600-05:00
I feel that your post is worthwhile of grooming.

Published less than six months ago, all links to koders are dead. For instance, this is the correct link to SSL_AuthCertificate function.

You inevitably had to deal with NSS and "Mozilla's built-in certificate policy" directly links to a resource on mozilla.org. Therefore when updating the links I suggest you reference Mozilla's own documentation. Me bethinks it is CERT_CheckCertValidTimes() that does the job of "seeing that the current time is between the 'not before' time of August 26th, 2008 and before the 'not after' time of August 27, 2009."

Thanks for this post!!! took me most part of day t...

2009-11-12T22:21:01.828-05:00
Thanks for this post!!! took me most part of day to go through but so worth it.
Cheers

Amazing post, Jeff. Maybe you could write a Volume...

2009-10-20T01:53:34.181-04:00
Amazing post, Jeff. Maybe you could write a Volume IV to Stevens' TCP/IP Illustrated?

Diogo Oliveira again... ^_^ Thank you Jeff, the P...

2009-10-13T18:04:47.190-04:00
Diogo Oliveira again... ^_^

Thank you Jeff, the PDF is a good to go. Once more, i must give you my congratulations on such a fine work, and say that it was 1AM in Portugal when i read this article and posted my comment. And using the words of Eddie P: "now i feel as dumb as a rock... excuse me while i go stare blankly at the walll" ^_^

Eric: Your comment looks a little spammy, b...

2009-10-12T08:08:23.262-04:00
Eric: Your comment looks a little spammy, but I do know I need to make the site look better. I'll trust you had good intentions :) Thanks.

Diogo Oliveira: I recreated it and uploaded it to a different place in both Word (.docx) and PDF format. Do these links work for you?

Great Post. Very good indeed. I was trying to get ...

2009-10-11T19:26:28.308-04:00
Great Post. Very good indeed.
I was trying to get the PDF of it but the link seems broken?! I hope you can put it up again, PLEASE... ^_^

It´s a an amazing work, very clear (even for those like me, that don´t understand much of this)! Thank you.

Not anonymous:
Diogo Oliveira <-(my name)

Post Scriptum: Got milk¿? ^_^

Hi! Your blog is simply super. you have create a d...

2009-10-08T05:24:56.337-04:00
Hi! Your blog is simply super. you have create a differentiate. more templates easy to download Thanks for the sharing this website. it is very useful professional knowledge.

Fabian: Thanks! Fritz: Glad I could...

2009-09-29T20:54:34.775-04:00
Fabian: Thanks!

Fritz: Glad I could help. A lot of cool stuff happens in the "ant-heap".

Travis: Right -- that reminds me of a time in college when I was working on a EE lab project with a gate that took something like 1200 nanoseconds to work. I remember saying "that's so slow!" And then I thought for a second and started laughing. It's incredibly fast in normal terms, but it's all relative to the scale you're used to (in this case, a few nanoseconds was my new "normal.")

Thanks for stopping by!

Shows just how much goes by in a few milliseconds!...

2009-09-25T14:48:19.946-04:00
Shows just how much goes by in a few milliseconds!

At one time this maybe would've surprised me, but after getting involved in the field of wireless, I've realized that a few milliseconds is a LONG time...

Thank you Jeff, what a wonderful microscopic view ...

2009-09-25T04:22:22.956-04:00
Thank you Jeff, what a wonderful microscopic view into this ant-heap of clever actions. You had even already answered my question on why a copied server certificate wouldn’t help anybody in the middle (To Inv’s question June 13, 2009 5:14 PM ). Klasse! Fritz Jörn from Bonn, Fritz@Joern.com

Insightful! Great job man!

2009-08-25T13:09:22.019-04:00
Insightful! Great job man!

Asgeir S. Nilsen: 1. In your proposal for ...

2009-07-28T11:08:20.137-04:00
Asgeir S. Nilsen:

1. In your proposal for "A Better TLS Key Exchange" you recommend a solution is where the browser creates a digital certificate that lasts for the duration of a browser session. I don't follow how this would help because in an RSA key exchange the client generates the pre-master secret and sends it to the server, so the server has to decode it. The server would have to know how to decode it. If the client encrypted the pre-master secret with his freshly generated certificate private key, then anyone who saw the certificate (which would have to be transmitted in the clear) could decrypt it with the public key on the new cert. Thus, all security would be lost.

Now, let's say that you didn't go this route but instead wanted the server to generate the pre-master secret. The client would send his self-signed certificate to the server and the server could reply with the pre-master secret encrypted using the client's public key from the certificate. Nothing is stopping a man in the middle from exploiting this by intercepting your self-signed certificate and replacing it with his own self signed certificate (since it's self-signed, the server wouldn't know any better). You could improve the situation by also verifying the server's signature, but then you're back to trusting the certificate chain as your ultimate trust.

Note that nothing is stopping you from removing Certificate Authorities (CAs) that you don't trust. You could create your own trust scheme based off certificates. You could also use existing tools like OpenPGP and the RFC 5081 that modifies TLS to support its keys. This way you could create your own web of trust based on personally meeting people.

Another option is to take the Kerberos approach where everyone trusts the same person. RFC 2712 modifies TLS to do this. Again, it'd require a trusted third party.

Originally, SSL/TLS certificates were hard to get and good checks were made. Over time, they were watered down to the point. I think that Extended Validation Certificates go back to the original purposes. However, you're still trusting a company to do its job right.

Are certificates perfect? By no means! However, they provide a good means of *communicating* trust, not necessarily creating trust. This has to be implicit somewhere. You have to implicitly trust the CA *and* the people that wrote the cryptography library *and* that the code wasn't modified on its way to your machine *and* that your OS is running it correctly *and* that your CPU is executing it properly, etc.

2. You mention using shared secrets. This works and is the basis for the schemes I mentioned in the post such as TLS-PSK and my favorite, TLS-SRP (which goes out of its way to protect the secrets themselves).

Asgeir S. Nilsen: You're right that tru...

2009-07-28T11:08:02.407-04:00
Asgeir S. Nilsen: You're right that trust is a very important part of the process. I addressed similar concerns in the "Verifying Signatures" part of the post. In that section I linked to "Reflections on Trusting Trust" which showed that you always have to trust something. If you haven't read that already, I highly encourage it -- it's a classic in computer security.

I can restate the general idea by modifying a quote from Bruce Schneier: "if you think cryptography can solve your [trust] problem, then you don't understand your [trust] problem and you don't understand cryptography"

This problem has been around for ages. Consider Shakespeare's Hamlet Act 5, Scene 2 where Hamlet forged a letter from the king to get Rosencrantz and Guildenstern killed (who just so happened to be carrying the letter). The trust in that case was the king's seal.

I think cryptography has made the logistics easier (it's far easier to forge a seal than it is to forge a digital signature), but the trust issue remains.

Paul Morriss: Hopefully we have a newer pro...

2009-07-28T11:07:14.450-04:00
Paul Morriss: Hopefully we have a newer protocol version in 19 years :) If we don't, it should still be OK since the client and server values would both overflow to the same value (in theory).

Matthew: True, Firebug is a good utility as well.

Jaans: Reminds me of the Microsoft Exchange blog: "You had me at EHLO" :-)

You had me at "handshake"

2009-07-28T04:57:14.366-04:00
You had me at "handshake"

Thanks for an informative post. Could you please ...

2009-07-28T04:34:40.921-04:00
Thanks for an informative post.

Could you please comment on my post TLS: A Broken Trust Model about the inherent flaw of the trust model used both for establishing session key and verifying the identity of the server?

great post, wireshark is an extremely useful tool,...

2009-07-28T04:06:29.554-04:00
great post, wireshark is an extremely useful tool, add to that firebug for http debugging and you have to wonder how people managed before they came along.

Comments on Moserware: The First Few Milliseconds of an HTTPS Connection

wow!

Petri, waldner, Anonymous #31, Ingvar Helg...

Really good post, but I have a question: Could you...

Thank you for this great information. Great expla...

Absolutely an eye opener. Incredibly useful post.

Thank you, thank you, thank you. Just the right l...

Super cool! Thank you very much, this is exactly t...

Hey! We were kinda wondering if you can explain ho...

I feel that your post is worthwhile of grooming. ...

Thanks for this post!!! took me most part of day t...

Amazing post, Jeff. Maybe you could write a Volume...

Diogo Oliveira again... ^_^ Thank you Jeff, the P...

Eric: Your comment looks a little spammy, b...

Great Post. Very good indeed. I was trying to get ...

Hi! Your blog is simply super. you have create a d...

Fabian: Thanks! Fritz: Glad I could...

Shows just how much goes by in a few milliseconds!...

Thank you Jeff, what a wonderful microscopic view ...

Insightful! Great job man!

Asgeir S. Nilsen: 1. In your proposal for ...

Asgeir S. Nilsen: You're right that tru...

Paul Morriss: Hopefully we have a newer pro...

You had me at "handshake"

Thanks for an informative post. Could you please ...

great post, wireshark is an extremely useful tool,...