Inform/SSL

From MozillaWiki
Jump to: navigation, search

What is SSL?

Secure Sockets Layer (SSL) is an encryption system which provides in-transit encryption for communications across computer networks. SSL is a historical but widely-used name; the modern standardized version is called TLS.

Explanation

SSL provides in-transit encryption, which means that data is encrypted, sent over the network, and decrypted at the other end. The aim is to prevent it being read by people intercepting or monitoring the communication. The information security of the two communicating systems themselves, or of the data when it resides on those systems, is out of scope for SSL.

SSL runs at a 'lower layer' than Internet application protocols, so many different things can happen on top of SSL - e.g. transfer of web pages, chat, or exchange of email. SSL works the same way in all of these applications. The most well-known use is the secure transfer of web pages - "HTTPS", with the "S" standing for "secure".

An SSL connection is initiated using asymmetric ("public key") encryption - the server hands over its public key at the start of the connection. This means that anyone can initiate a conversation with a server, without any need for prior secure information exchange. This feature is what makes secure websites as easy to use as non-secure ones. The server then uses a private key, which it keeps secret, to decrypt the information sent. (In fact, for speed reasons, SSL uses the established secure channel to agree on a symmetric encryption key, which is then used for all data transfer. This makes it a hybrid system.)

A key question in SSL is: how does a client such as a web browser know it is talking to the right server? When a connection is started to e.g. "www.mozilla.org", the server returns a public key which says "I am indeed www.mozilla.org", but how does the browser know it is telling the truth, and that they are not being subject to an Man In The Middle (MITM) attack?

A public key can be signed (vouched for) by one or more Certificate Authorities (CAs), who are then affirming that the key pair is actually owned by the owner of the website in question. (They check that this is true using various methods.) If the browser trusts that CA, then it trusts this assertion. If it does not trust the CA, or no CA is involved, then the browser will raise a strong security warning. Major browsers trust a list of CAs - a slightly different list in each case. For example, Mozilla Firefox trusts about 60 different CA companies around the world; Microsoft rather more.

This means that, assuming the CA being used is both trusted and trustworthy, a client can be sure it is talking to the server it asked for. (In SSL as it is most commonly used on the Internet, the server cannot initially know who the client is. This has to be established by some other means, such as a web page login form.)

Other than weaknesses in the cryptographic algorithms or implementations, this system could potentially be compromised in a number of ways:

  • A CA could have a flaw in its checking procedure, such that someone can pass the "do they own this site?" check when they should have failed;
  • A CA could be legally compelled by its government to issue a false certificate, and perhaps also compelled to keep the fact secret;
  • A CA, or a company with access to its systems, could be broken into, and certificates made and stolen. (This happened in 2011 to a CA named DigiNotar, based in Holland.)

However, if such a cert were used to intercept communications, it would result in strong proof of wrongdoing being sent to the user's browser, where they could in theory capture it. Some browsers ship with information about the nature of the certs they expect to see on certain sites, and will send back an error report if those expectations are not met. (This is known as "pinning".) It was this sort of error-reporting mechanism which revealed that certs stolen from DigiNotar were being used to conduct MITM attacks on Iranian Internet users.

Further Reading and Resources