Simple SSL/TLS - Some Questions

Ian Grigg iang at systemics.com
Tue Oct 7 13:57:18 EDT 2003


Jill Ramonsky wrote:

>  > The only question I wasn't quite sure of
>  > was whether, if I take your code, and modify it,
>  > can I distribute a binary only version, and keep
>  > the source changes proprietary?
> 
> You can't distribute a binary only version of ANY crypto product,
> surely? No crypto product can EVER be trustworthy unless you can see the
> source code and verify that it has no back doors, and then compile it.
> Unless you give your users the power to inspect the source code, and
> /know/ that it is the source code (because they can actually compile it
> and run the resulting executable) then you could have put all sorts of
> back doors into it. You could have added password theft, key escrow, who
> knows what?
> 
> Don't get me wrong. I agree with you that crypto has enough barriers
> already, and I would like to produce something that is as freely
> distributable as possible. "For the masses" crypto is, I guess, an
> unwritten design goal. But allowing people to hide the crypto source
> from crypto users would allow the bad guys (you can define your own bad
> guys) to produce Trojan Horse crypto. Closed source crypto is to all
> intents worthless. (In my opinion). Please feel free to argue that I'm
> wrong.


You - or others - are talking about putting your TLS
thingie in an embedded device?  Like a toaster, for
sake of discussion, because we don't want the bad guy
to see us doing white bread in the mornings :-)

Are you envisaging a world where toaster owners must
be permitted to inspect and rebuild the crypto code in
their toaster so as to be sure that there are no back
doors?

And, are you envisaging a world where you could do more
good by forcing this viewpoint on the manufacturers of
toasters, as opposed to a world where a manufacturer of
toasters decides that, regardless of the possible presence
of backdoors, they think it better that the user cannot
see the crypto in the toaster?

If so, then you need to craft some source code availability
clause into the licence.  That would mean more like Mozilla,
and definitely not like BSD/MIT and the rest.  (And maybe
like GPL, as suggested by Jerry.)

Also, note that OpenSSL - your erstwhile competitor -
is under Apache licence and that has no such limit,
AFAIK.

In practice, what you are suggesting doesn't work.  It
is pretty nigh impractical to take a set of open source,
and a finished deliverable crypto product, and show that
one was used to build the other.  This is because the
compilation process is not really deterministic and
duplicable, across a variety of times & machines &
tools.

In essence, a developer uses the open source if he wants
to be sure.  Anyone using a binary only product makes that
choice.


>  > My own philosophy has always been that crypto has
>  > enough barriers on it already, so it should not
>  > add any more personality quirks than necessary,
>  > hence preference for BSD two clause.  Mind you,
>  > such a statement is a personality quirk, so you
>  > be your own judge.
> 
> Eek. Was my paragraph above a personality quirk? I thought it was a
> sound cryptographic principle.


As a highly general comment, when we get to something
along the lines of "you must do it like I say" then you
have to apply the God test. Are we that omniscient?  Can
we really support the case that we know how this is best
used?

For every successful god, there are a thousand who found
themselves forgotten and unmartyred.  RMS is one of the
few exceptions;  he crafted a prisoners' dilemma that
stretched broad and created a community of programmers.
I can't think of any similar successes in the field of
cryptography, although there are claims.

So, the question you have to ask yourself is, does that
arrangement he crafted - GPL or something similar - have
sufficient merit that it should be applied to crypto?

My call is "no" as I really don't want any user of my
crypto to actually have to think at all about my own
beliefs.  I want him to use it as fast and as furiously
as possible.  (There are many who disagree with this,
but that is orthogonal to the licensing issue.)  I
admire the game theory behind the GNU licence, but we
should also note the very large number of companies
that won't touch it because of the costs that it brings.

Now, there are a few GNU crypto products out there.
Also, please don't believe that I have much confidence
in the call!  What you might want to do is to check
how other GNU crypto products have fared, it would
be a useful exercise.


>  > Q:  Does your employer have any say or comment
>  > on this project?  Might be wise to clear up the
>  > posture, and either get it in writing, or make
>  > the repository public from the git-go.  Many an
>  > open source project has foundered when the boss
>  > discovered that it works...
> 
> It has absolutely nothing whatsoever to do with my employer. All my code
> will be written at home in my spare time, and uploaded to CVS or
> whatever also from home. It is true that I happen to be sending this
> email from work, but even that's in my own time. I don't see how they
> have any say. To be /really/ safe,  I'd be happy to always post to this
> list only from home, but right now I don't think it's a problem.


It's fairly well established in common law that
your employer owns what you do.  You would need
to (as Jerry says) check with the contract you
have with the employer, and check what the state
law says.  If you have a lawyer friend, ask them.

If you don't want to do that - and I can understand
the drudgery of reading law and contracts when you
should be writing crypto - then just go ahead and
write and publish under some licence.  At least if
you get told to stop, what is published will remain
published.

But, it would be much better if you could get an
email from your boss saying it is ok for you to
work on an open source crypto product in your own
time...  Consider it a challenge.  Even an email
from you to the boss announcing your intentions
will be helpful.


iang

PS: IANAL, University of Grisham.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


