[Cryptography] Is it time for a revolution to replace TLS?

Guus Sliepen guus at sliepen.org
Fri Apr 25 06:56:53 EDT 2014


On Tue, Apr 15, 2014 at 08:07:08PM -0000, dj at deadhat.com wrote:

> > http://clearcryptocode.org/tls/
> >
> > Probably not going to happen, but it's nice to dream...
> 
> It is one of my long term, implausible goals to replace TLS with a
> collection of independent app to app function-targeted security protocols
> that are individually simple enough to understand and implement cleanly. I
> will certainly fail.

For tinc (a VPN daemon), I've been working on a simplified version of TLS[1] that
is specifically targeted at peer-to-peer communication, where both peers have
each other's public key beforehand. This removes the whole X.509 certificate
mess from the protocol. It also does not support any cipher suite negotiation;
instead it always uses a fixed suite (the current implementation[2] uses
ECDHE-Curve25519-Chacha-Poly1305).

One can either exchange public keys manually, or one peer can generate an
invitation URL which contains the address of that peer, a hash of that peer's
public key and a secret nonce. The URL can be given to an invitee, which can
then contact the first peer, verify that that peer's public key is correct,
send its own key, establish a connection using the above-mentioned
protocol, and then send the secret nonce. If the nonce is correct, the
first peer can store the invitee's public key permanently. Of course, one
must take care the invitation URL is not leaked before the invitee has
had a chance to use it.

[1] http://tinc-vpn.org/git/browse?p=tinc;a=blob;f=doc/SPTPS;hb=refs/heads/1.1
[2] http://tinc-vpn.org/git/browse?p=tinc;a=blob;f=src/sptps.c;hb=refs/heads/1.1

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus at sliepen.org>
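
The invitation flow described in the message above, sketched as an added example (not part of the original post and not tinc's code). Assumptions: the `invite://` URL layout, SHA-256 as the hash, and random bytes standing in for Curve25519 public keys are all hypothetical; the encrypted session that runs between key verification and sending the nonce is left out.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlsplit

def b64(raw):    # URL-safe base64 without padding
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Inviter:
    """Peer that issues invitations (hypothetical model)."""
    def __init__(self, address, public_key):
        self.address, self.public_key = address, public_key
        self.pending = set()     # SHA-256 of each outstanding nonce
        self.known_keys = []     # invitee keys stored permanently

    def invite(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(hashlib.sha256(nonce).digest())
        key_hash = hashlib.sha256(self.public_key).digest()
        # Assumed layout: invite://<address>/<hash of inviter key>/<nonce>
        return f"invite://{self.address}/{b64(key_hash)}/{b64(nonce)}"

    def redeem(self, invitee_key, nonce):
        """Runs once the session is up and the invitee has sent the nonce."""
        digest = hashlib.sha256(nonce).digest()
        match = next((p for p in self.pending
                      if hmac.compare_digest(p, digest)), None)
        if match is None:
            return False              # unknown or already used nonce
        self.pending.discard(match)   # an invitation is single use
        self.known_keys.append(invitee_key)
        return True

def accept(url, presented_key):
    """Invitee side: check the key the peer presented against the URL.

    Returns (address, nonce); the nonce is only sent after this succeeds,
    so a peer with the wrong key never learns it.
    """
    parts = urlsplit(url)
    key_hash, nonce = (unb64(p) for p in parts.path.strip("/").split("/"))
    if not hmac.compare_digest(key_hash, hashlib.sha256(presented_key).digest()):
        raise ValueError("peer public key does not match the invitation")
    return parts.netloc, nonce
```

Because the nonce is consumed on first use, anyone who obtains the URL after the invitee has redeemed it gains nothing, which is the leak window the message warns about.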

