[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TLS for the link handshakes/encryption

To: or-dev@freehaven.net
Subject: Re: TLS for the link handshakes/encryption
From: Ben Laurie <ben@algroup.co.uk>
Date: Tue, 02 Sep 2003 10:28:00 +0100
Delivered-to: archiver@seul.org
Delivered-to: or-dev-outgoing@seul.org
Delivered-to: or-dev@seul.org
Delivery-date: Tue, 02 Sep 2003 05:29:10 -0400
In-reply-to: <20030902015120.Q7514@moria.mit.edu>
References: <E19spWy-0007Ee-00@xanthine.gratuitous.org> <20030830021334.O7514@moria.mit.edu> <E19t9Af-00018P-00@xanthine.gratuitous.org> <20030902015120.Q7514@moria.mit.edu>
Reply-to: or-dev@freehaven.net
Sender: owner-or-dev@freehaven.net
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.4) Gecko/20030624

Roger Dingledine wrote:

> On Sat, Aug 30, 2003 at 01:05:53PM -0400, Joel N. Weber II wrote:
> 
>>   I'd actually like to solve link key rotation at the same time as I update
>>   the handshake protocol. It would be nice if establishing the first key
>>   is pretty much the same operation as rotating the key, so we can keep
>>   the design simple. More design work remains. Feel free. :)
>>
>>I don't know offhand if TLS does this, but sshv2 certainly takes care
>>of all of this.
> 
> 
> I think we should definitely look into tls for the OR link-level
> encryption/auth. Stunnel looks like it has some not-too-crazy code we
> could use (albeit gpl).

There's also code in the examples directory in openssl, and
s_client/s_server in apps.

> On the other hand, doing all the ssl hoops looks like about as much (or
> more!) code as just doing the handshakes ourselves (that is, calling
> each step of the openssl library).

I sincerely doubt that.

> I think much of the ssl calling
> overhead is for sessions, etc, which I don't think we need to worry
> about. Nick: you've got some experience with ssl/tls from minion --
> what's your impression here? Also, are there tls libs that play well
> with asynchronous systems, or do they demand a separate thread/process?

OpenSSL does (see the state machine and tunala examples). Also see the
interface to it in Apache 2.x.

> Which brings me to my next realization: we've been planning to split
> out a couple of cpu worker processes (threads on windows) to do the
> heavy crypto lifting, eg public key decryption. Rather than keeping our
> crazy asynchronous logic in connection_or.c, why not simply hand the
> newly accepted socket to a worker, and after a while he informs you
> that it's now in the 'open' state? (And he hands back the necessary
> crypto material.)
> 
> Whether we use fullblown TLS or just the subset of it that we need,
> this is something worth considering.

What subset do you need?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

References:
- TLS for the link handshakes/encryption
  - From: Roger Dingledine <arma@mit.edu>

Prev by Author: Re: TLS for the link handshakes/encryption
Next by Author: Re: TLS, threads, and workers
Previous by thread: TLS for the link handshakes/encryption
Next by thread: Re: TLS for the link handshakes/encryption
Index(es):
- Author
- Thread