> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Edward Ned Harvey (openssl)
> Sent: Wednesday, 23 April, 2014 21:05
> Subject: RE: SSL Root CA and Intermediate CA Certs.
> 
> I don't know how you learn about SSL/TLS, other than (a) reading the
> internet,

Man, I *tried* to read the Internet, but to be honest I got bogged down 
somewhere around 2.0.0.0.

> (b) taking some courses on general
> cryptography (there is a free online course at coursera.com, which is quite
> good.)  and (c) the thing that I actually found the most useful, a general
> book on cryptography called Cryptography Engineering

I'd argue that knowing about cryptography, and especially about implementing 
cryptography, is not very helpful for understanding SSL/TLS. Once you 
understand the purpose of the primitives - symmetric and asymmetric encryption, 
message digests, and digital signatures - the details don't help you with the 
SSL/TLS protocols themselves, or even with choosing cipher suites. (While some 
suites are vulnerable to particular attacks, you can take the word of crypto 
experts on those points and weigh them against your threat model. Understanding 
the specifics of the threat isn't necessary.) And understanding the details of 
cryptographic implementation won't help at all with PKI.

So I'd suggest starting with a quick cryptography primer that covers the 
primitives, and then something like Rescorla's /SSL and TLS/ book. It's not an 
exciting read, but then SSL/TLS is not an exciting subject.

For someone who does want more background in cryptography, I'd recommend 
Schneier's /Applied Cryptography/ over /Cryptography Engineering/. The latter 
is for people implementing cryptography, which beginners should never do. As a 
rule of thumb, don't attempt to implement cryptography until you know when it's 
appropriate to violate this rule. And as Schneier himself has pointed out 
numerous times, cryptography isn't the problem, or the solution, anyway. ("If 
you think cryptography is the solution to your problem, you don't understand 
cryptography and you don't understand your problem.")
 
> How and why do you trust any root certs?  Generally they're built-in to your
> OS or your browser, so you're just blindly trusting that those guys know what
> they're doing.

And they don't, and they don't care that they don't. The SSL/TLS 
X.509-with-well-known-CAs PKI is fundamentally broken and frequently 
compromised. But there's little we can do about it, so we pretend it isn't.

Of course the point of *any* security system is to raise the work factor for 
attackers until the cost of breaking the system is greater than the return for 
breaking it, under your threat model. SSL/TLS raises that cost over unencrypted 
communications. But it doesn't raise it nearly as much as it ought to, thanks 
to broken protocols, broken implementations, broken PKI, mismanagement, and 
user error.

-- 
Michael Wojcik
Technology Specialist, Micro Focus


