> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Edward Ned Harvey (openssl)
> Sent: Wednesday, 23 April, 2014 21:05
> Subject: RE: SSL Root CA and Intermediate CA Certs.
>
> I don't know how you learn about SSL/TLS, other than (a) reading the
> internet,
Man, I *tried* to read the Internet, but to be honest I got bogged down
somewhere around 2.0.0.0.
> (b) taking some courses on general
> cryptography (there is a free online course at coursera.com, which is quite
> good.) and (c) the thing that I actually found the most useful, a general
> book on cryptography called Cryptography Engineering
I'd argue that knowing about cryptography, and especially about implementing
cryptography, is not very helpful for understanding SSL/TLS. Once you
understand the purpose of the primitives - symmetric and asymmetric encryption,
message digests, and digital signatures - the details don't help you with the
SSL/TLS protocols themselves, or even with choosing cipher suites. (While some
suites are vulnerable to particular attacks, you can take the word of crypto
experts on those points and weigh them against your threat model. Understanding
the specifics of the threat isn't necessary.) And understanding the details of
cryptographic implementation won't help at all with PKI.
So I'd suggest starting with a quick cryptography primer that covers the
primitives, and then something like Rescorla's /SSL and TLS/ book. It's not an
exciting read, but then SSL/TLS is not an exciting subject.
For someone who does want more background in cryptography, I'd recommend
Schneier's /Applied Cryptography/ over /Cryptography Engineering/. The latter
is for people implementing cryptography, which beginners should never do. As a
rule of thumb, don't attempt to implement cryptography until you know when it's
appropriate to violate this rule. And as Schneier himself has pointed out
numerous times, cryptography isn't the problem, or the solution, anyway. ("If
you think cryptography is the solution to your problem, you don't understand
cryptography and you don't understand your problem.")
> How and why do you trust any root certs? Generally they're built-in to your
> OS or your browser, so you're just blindly trusting that those guys know what
> they're doing.
And they don't, and they don't care that they don't. The SSL/TLS
X.509-with-well-known-CAs PKI is fundamentally broken and frequently
compromised. But there's little we can do about it, so we pretend it isn't.
Of course the point of *any* security system is to raise the work factor for
attackers until the cost of breaking the system is greater than the return for
breaking it, under your threat model. SSL/TLS raises that cost over unencrypted
communications. But it doesn't raise it nearly as much as it ought to, thanks
to broken protocols, broken implementations, broken PKI, mismanagement, and
user error.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
