> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
> On Behalf Of Edward Ned Harvey (openssl)
> Sent: Wednesday, 23 April, 2014 21:05
> Subject: RE: SSL Root CA and Intermediate CA Certs.
>
> I don't know how you learn about SSL/TLS, other than (a) reading the
> internet,

Man, I *tried* to read the Internet, but to be honest I got bogged down somewhere around 2.0.0.0.

> (b) taking some courses on general
> cryptography (there is a free online course at coursera.com, which is quite
> good.) and (c) the thing that I actually found the most useful, a general
> book on cryptography called Cryptography Engineering

I'd argue that knowing about cryptography, and especially about implementing cryptography, is not very helpful for understanding SSL/TLS. Once you understand the purpose of the primitives - symmetric and asymmetric encryption, message digests, and digital signatures - the details don't help you with the SSL/TLS protocols themselves, or even with choosing cipher suites. (While some suites are vulnerable to particular attacks, you can take the word of crypto experts on those points and weigh them against your threat model. Understanding the specifics of the threat isn't necessary.) And understanding the details of cryptographic implementation won't help at all with PKI.

So I'd suggest starting with a quick cryptography primer that covers the primitives, and then something like Rescorla's /SSL and TLS/ book. It's not an exciting read, but then SSL/TLS is not an exciting subject.

For someone who does want more background in cryptography, I'd recommend Schneier's /Applied Cryptography/ over /Cryptography Engineering/. The latter is for people implementing cryptography, which beginners should never do. As a rule of thumb, don't attempt to implement cryptography until you know when it's appropriate to violate this rule.

And as Schneier himself has pointed out numerous times, cryptography isn't the problem, or the solution, anyway. ("If you think cryptography is the solution to your problem, you don't understand cryptography and you don't understand your problem.")

> How and why do you trust any root certs? Generally they're built-in to your
> OS or your browser, so you're just blindly trusting that those guys know what
> they're doing.

And they don't, and they don't care that they don't. The SSL/TLS X.509-with-well-known-CAs PKI is fundamentally broken and frequently compromised. But there's little we can do about it, so we pretend it isn't.

Of course the point of *any* security system is to raise the work factor for attackers until the cost of breaking the system is greater than the return for breaking it, under your threat model. SSL/TLS raises that cost over unencrypted communications. But it doesn't raise it nearly as much as it ought to, thanks to broken protocols, broken implementations, broken PKI, mismanagement, and user error.

-- 
Michael Wojcik
Technology Specialist, Micro Focus