[gnutls-devel] gnutls_certificate_verify_peers* question

Peter Williams home_pw at msn.com
Tue Feb 19 17:52:00 CET 2013

Well lets bring it back mostly on topic, without getting put against the wall and shot.


SSL is split between the bearer for such as the handshake protocol, XYZ protocol, the application protocol AND the (SSL framing) bearer. SSL messages then go over an assume reliable transport, or unreliable datagram service (these days, when using the right key management and cipher mode).


Assume that an implicit layer 7 signal - indicating verified/validated client cert/chain - gets raised only upon completion of handshake protocol. SInce SSL is extensible, one may insert an XYZ protocol - defined to be completed before the first byte of any message on the application protocol is sent or handled by client.


Assume XYZ has authorization semantics, building upon the entity authentication service delivered by the handshake. Assume that the semantics are verified themselves using the verified/validated cert chain event, as raised by the SSL handshake protocol.


Given the certs are authentic and authenticated in the context of the running macs of the record-layer - which provides integrity evidence regarding the [correct] sequencing of protocol units on what is a multi-protocol, multi-channel bearer framing layer design intended for hardware pipelining - the security labels attached to one of the keys within the certs may be consulted. Some security label algebra may then be computed - such as the classical no-write-down MAC/MLS policy logic. The labels from the 2 (or more certs) and the labels from the PDUs on the wire go into the (verified correct) algebra calculator that “decides” - mostly to open the client’s gate that permits it to have a looksee (only now) at the application protocol PDUs.


What I didn't get from DANE’s security engineers, and I certainly don't get form the discussion here about the custom profile of DANE, is how the cert/chain validation semantics are supposed to be interacting WITH a correctness arguments concerning SSL various formal security services - as found in higher assurance engineering.


Its not just a question of swapping the MIB used for trust anchors from local trusted store to a authenticated DNS zone. 






Sent from Windows Mail

From: Juho Vähä-Herttua
Sent: ‎February‎ ‎19‎, ‎2013 ‎7‎:‎07‎ ‎AM
To: Peter Williams
CC: Jaak Ristioja, gnutls-devel
Subject: Re: [gnutls-devel] gnutls_certificate_verify_peers* question

I completely agree that the identities in TLS are not verified until both ends have finished verifying each others' verify messages. However, I simply can't resist commenting on this (originally already a bit off-topic) analogy:

On 19.2.2013, at 15.59, Peter Williams <home_pw at msn.com> wrote:

If you go to a math exam and show 30m worth of workings but make a tiny adding error at the last step getting the wrong answer, you still get 0 points on the score. There are no points for correct workings. The bridge fell down.

It depends a lot on the case, but I would say in the general math exam case this kind of grading should be at least questioned. 30m of correct workings should show on the answer and therefore it would be reasonable for it to result in some small amount of points. Especially if the counterexample of accidentally correct answer with wrong process had any chance of getting more than 0 points (even if it's because of a mistake by the person doing grading), I would say the exam is pedagogically questionable.

In cryptography (and naturally in some other areas as well) getting full points every time is crucial, but in most areas of life not so much. In schools I have gone to, there indeed are points for correct workings, and that has had no notable negative effect on the quality of education. Just bringing this up in case you weren't aware.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130219/6c61d5ca/attachment-0001.htm>

More information about the Gnutls-devel mailing list