browser vendors and CAs agreeing on high-assurance certificat es

Fri Jan 6 12:06:50 EST 2006

Steven M. Bellovin wrote:
> In message <43BE8ADC.6010409 at algroup.co.uk>, Ben Laurie writes:
>> Bill Frantz wrote:
>>> On 12/24/05, ben at algroup.co.uk (Ben Laurie) wrote:
>>>
>>>> I don't see why not - the technical details actually matter. Since the
>>>> servers will all share a socket, on any normal architecture, they'll all
>>>> have access to everyone's private keys. So, what is gained by having
>>>> separate certs?
>>> I responded in private email:
>>>
>>>> With a POLA architecture, perhaps on a capability OS (dream, dream),
>>>> they might not share access to the private keys.  However, given current
>>>> software, I grant your point.
>>> Ben responded that I should post my comments to the list.
>>>
>>> There are two scenarios I see as being viable for separating the private
>>> keys with a security barrier.  One is the single machine case alluded to
>>> above.  Here the private keys would be in separate security domains, and
>>> the common part of the web server, which listens on the socket, would
>>> read the initial data on the TCP connection, select the correct security
>>> domain, and "pass" the connection to that domain. While the common part
>>> could continue to examine all the data, those data would be encrypted,
>>> so the it would have the same access as any other untrusted node in the
>>> path.
>>>
>>> The other scenario involves a network switch which performs the function
>>> of the common code of the web server.  It uses network address
>>> translation to forward the connection's packets to the back-end computer
>>> with the correct private key.  Here the keys are protected by being kept
>>> on separate computers.
>> This would defeat the reason people share IP addresses, which is so they
>> can share a single machine to reduce costs. Of course, a capability OS
>> would permit this whilst separating keys, as you said.
>>
> It doesn't have to be a capability-based OS; one could easily envision 
> a (ahem) alternate browser strategy accomplish it.  Consider, to pick a 
> non-random example, Apache.  Apache 2.0.x (and I think 1.y, but I don't 
> run it so I can't be sure) forks several child processes to actually 
> serve the pages.  What if the <VirtualHost> directives contained an 
> optional User directive that specified the uid each virtual host should 
> run as?  You could have different processes for different virtual hosts.

Apache 1.x does indeed service each connection within its own child
process. Apache 2.x actually has a more flexible mechanism: it uses
things called MPMs (Multi-Processing Modules) which choose how
connections are handled. Some of them use threading and some use
processes and some use both. There is an MPM called "perchild" which
does exactly what you want:
http://httpd.apache.org/docs/2.0/mod/perchild.html - sadly, it is not
currently functional, though I'm sure that either money or time would
make it so.

> Yes, that would require more bookkeeping on the part of Apache; it 
> would also require more (perhaps many more) processes running 
> simultaneously.

I think this is certainly a risk.

> Both of those are much smaller changes than a 
> capability-based OS.  (Hmm -- who was it who noted that capability-
> based systems were the wave of the future, and always would be?)

Someone firmly rooted in the past, perhaps?

> A final note -- multiple IP addresses is not the same as multiple 
> machines.  Lots of hosting companies dedicate an IP address to each 
> customer, but put them all on a single machine.

True, but at least with multiple IPs you can bind separate instances of
the webserver to each IP on conventional OSes, unlike name-based virtual
hosting.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com