List:       gnutls-dev
Subject:    Re: [gnutls-devel] gnutls_certificate_verify_peers* question
From:       Peter Williams <home_pw () msn ! com>
Date:       2013-02-19 16:52:00
Message-ID: SNT401-EAS8824297F303B301DF390F692F50 () phx ! gbl

Well let's bring it back mostly on topic, without getting put against the wall and shot.

SSL is split between the bearer for such as the handshake protocol, XYZ protocol, the application protocol AND the (SSL framing) bearer. SSL messages then go over an assumed reliable transport, or unreliable datagram service (these days, when using the right key management and cipher mode).

Assume that an implicit layer 7 signal - indicating verified/validated client cert/chain - gets raised only upon completion of handshake protocol. Since SSL is extensible, one may insert an XYZ protocol - defined to be completed before the first byte of any message on the application protocol is sent or handled by client.

Assume XYZ has authorization semantics, building upon the entity authentication service delivered by the handshake. Assume that the semantics are verified themselves using the verified/validated cert chain event, as raised by the SSL handshake protocol.

Given the certs are authentic and authenticated in the context of the running macs of the record-layer - which provides integrity evidence regarding the [correct] sequencing of protocol units on what is a multi-protocol, multi-channel bearer framing layer design intended for hardware pipelining - the security labels attached to one of the keys within the certs may be consulted. Some security label algebra may then be computed - such as the classical no-write-down MAC/MLS policy logic. The labels from the 2 (or more) certs and the labels from the PDUs on the wire go into the (verified correct) algebra calculator that "decides" - mostly to open the client's gate that permits it to have a looksee (only now) at the application protocol PDUs.

What I didn't get from DANE's security engineers, and I certainly don't get from the discussion here about the custom profile of DANE, is how the cert/chain validation semantics are supposed to be interacting WITH correctness arguments concerning SSL's various formal security services - as found in higher assurance engineering.

It's not just a question of swapping the MIB used for trust anchors from local trusted store to an authenticated DNS zone.

Sent from Windows Mail


From: Juho Vähä-Herttua
Sent: February 19, 2013 7:07 AM
To: Peter Williams
CC: Jaak Ristioja, gnutls-devel
Subject: Re: [gnutls-devel] gnutls_certificate_verify_peers* question



I completely agree that the identities in TLS are not verified until both ends have finished verifying each other's verify messages. However, I simply can't resist commenting on this (originally already a bit off-topic) analogy:


On 19.2.2013, at 15.59, Peter Williams <home_pw@msn.com> wrote:


> If you go to a math exam and show 30m worth of workings but make a tiny adding error at the last step getting the wrong answer, you still get 0 points on the score. There are no points for correct workings. The bridge fell down.

It depends a lot on the case, but I would say in the general math exam case this kind of grading should be at least questioned. 30m of correct workings should show on the answer and therefore it would be reasonable for it to result in some small amount of points. Especially if the counterexample of accidentally correct answer with wrong process had any chance of getting more than 0 points (even if it's because of a mistake by the person doing grading), I would say the exam is pedagogically questionable.

In cryptography (and naturally in some other areas as well) getting full points every time is crucial, but in most areas of life not so much. In schools I have gone to, there indeed are points for correct workings, and that has had no notable negative effect on the quality of education. Just bringing this up in case you weren't aware.

Juho



_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
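
The gate described in the message above (nothing from the application protocol is released until the handshake has raised its verified-chain signal, XYZ has completed, and a no-write-down label check passes), sketched as an added example; it is not code from the thread or from GnuTLS. The label format (a level plus a compartment bitmask), every name, and the rule that a PDU may not be labelled above the sender's certified label are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical MLS label: hierarchical level plus compartment bitmask. */
struct label { unsigned level; uint32_t compartments; };

/* a dominates b: level at least as high, compartments a superset. */
static bool dominates(struct label a, struct label b)
{
    return a.level >= b.level &&
           (a.compartments & b.compartments) == b.compartments;
}

/* Hypothetical per-connection gate state. */
struct gate {
    bool handshake_verified; /* handshake finished, chain verified */
    bool xyz_complete;       /* authorization exchange (XYZ) finished */
    struct label client;     /* label bound to the client cert key */
    struct label server;     /* label bound to the server cert key */
};

enum verdict { GATE_OPEN, GATE_NOT_READY, GATE_LABEL_DENIED };

/* Decide whether an application PDU labelled `pdu` may reach the client. */
enum verdict gate_decide(const struct gate *g, struct label pdu)
{
    /* Fail closed until both signals have been raised. */
    if (g == NULL || !g->handshake_verified || !g->xyz_complete)
        return GATE_NOT_READY;
    /* Assumption: a sender cannot label data above its own label. */
    if (!dominates(g->server, pdu))
        return GATE_LABEL_DENIED;
    /* No write-down: the receiver's label must dominate the data. */
    if (!dominates(g->client, pdu))
        return GATE_LABEL_DENIED;
    return GATE_OPEN;
}

int main(void)
{
    /* Constructed sample: level-2 client, level-3 server, compartment 0. */
    struct gate g = { true, true, { 2, 0x1 }, { 3, 0x1 } };
    struct label low = { 1, 0x1 }, high = { 3, 0x1 };
    return (gate_decide(&g, low) == GATE_OPEN &&
            gate_decide(&g, high) == GATE_LABEL_DENIED) ? 0 : 1;
}
```
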
