[Nsi-wg] Securit infrastructure using TLS

Henrik Thostrup Jensen htj at nordu.net
Fri Mar 23 07:02:24 EDT 2012 

Hi

So the "alternative" suggestion for a security infrastructure using TLS and
X.509 infrastructure.

Note: TLS is evolution/replacement of SSL.

Requirements:
  - Peer authentication
  - Confidentiality
  - Message integrity
  - Replay protection

At least we agree on those :-).

TLS supports all of these, and have done it for more than 10 years. In the
common setup only the server (defined as the one not initiating the connection)
is authenticated. Typically (for HTTP applications) clients are then
authenticated via username/password. However TLS supports authenticating
clients via certificates just fine. This enforced by requiring clients to
present a certificate in the service-side security context.

There was an argument about TLS not providing end-to-end message integrity.
That is simply not true. While it is possible to put TLS in a configuration
with a reverse proxy and defining end in a certain way, one can make a
strawmans argument about this. TLS is what is used when punching in your credit
card numbers over the Internet or accessing your web-mail in secure fashion. It
is good enough for NSI :-).

Performance-wise setting up a TLS connection and creation a signed+encrypted
message are roughly the same (involves the same amount prime number juggling).
If using persistent connections TLS will use a negotiated secret shared key for
encrypting the session, which is significantly cheaper than pure RSA, causing
TLS to win hands-down. I don't think this will be an issue though (AFAIK it can
also be solved by using WS-SecureConvensation, but that wasn't what was
suggested).

For completeness WS-Security comes much more unassembled than TLS. One has too
choose signing and/or encryption along with what to actually do this on.
Arguably WS-Security is a lot more flexible and allows stuff like passing on
signed messages for repudiation, we don't have that in our requirement, and it
doesn't fit very well into what we've outlined as a trust/peer network (we
don't require all NSAs to thrust the certificate provider of all other NSAs and
do message breakout).

Now, both TLS and WS-Security can provide a solution which can solve our
requirements. TLS however is much widespread both in usage and implementations
as it is the de-facto standard for providing secure communication for the HTTP
protocol. TLS is supported in virtually all major programming languages, either
through native implementations or bindings to OpenSSL or GnuTLS. It is also
protocol independent meaning that we can use the same security infrastructure
for a client REST protocol.


     Best regards, Henrik

  Henrik Thostrup Jensen <htj at nordu.net>
  Software Developer, NORDUnet

More information about the nsi-wg mailing list