[Cryptography] CloudFlare reinvents crypto offload
Viktor Dukhovni
cryptography at dukhovni.org
Fri Sep 19 01:33:17 EDT 2014
On Fri, Sep 19, 2014 at 05:09:00PM +1200, Peter Gutmann wrote:
> Someone recently pointed me to CloudFlare's Keyless SSL:
>
> http://arstechnica.com/information-technology/2014/09/in-depth-how-cloudflares-new-web-service-promises-security-without-the-key/
>
> I can't see what the innovation is here. They say that instead of doing the
> SSL premaster secret processing directly on the web server, the magic is to do
> it on a secure external system/device. I guess they could call this external
> device a Helper for SSL Mechanisms or "HSM". I wonder why no-one's ever
> thought of this before.

[ I'm guessing you're not actually confused, merely sarcastic, but for
the record, in case anyone else is, my best guess of the idea is below. ]

There's no magic here, just delegation of handshake signing not to
an HSM, but to the back-end web-server, so that the client's (bank's)
key is not shared with CloudFlare. Presumably CloudFlare deflects
most of the attack traffic before forwarding a manageable rate of
signing requests to the client, and relies on client session caches
to further limit the rate of signature requests, so that the client
only sees a fraction of the load.

This would work even better if the client could sign a short-term
proxy certificate enabling CloudFlare to do the crypto locally.
However, I am led to believe that proxy certificate support is
still rather thin...

With DANE + DNSSEC, the client could just CNAME their TLSA RRs to
CloudFlare's TLSA RRs, but DNSSEC is not terribly widely deployed
yet, and in any case IIRC you're on the record as a DNSSEC skeptic.

--
Viktor.
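
The TLSA-via-CNAME arrangement mentioned in the last paragraph, sketched as an added example that is not part of the original message: a verifier follows the customer's CNAME to the CDN's TLSA RRset and matches the presented key against it (RFC 6698 selector and matching-type rules). The zone contents, the names under `bank.example` and `cdn.example`, and the key bytes are constructed for illustration, and DNSSEC validation of the answers is assumed to have happened already.

```python
import hashlib

# Constructed zone data (not real DNS). The customer's zone holds only a CNAME;
# the CDN's zone holds the TLSA RR as (usage, selector, matching type, hex data).
CDN_SPKI = b"constructed-cdn-edge-public-key"  # stand-in for a DER SubjectPublicKeyInfo
ZONE = {
    ("_443._tcp.www.bank.example.", "CNAME"): ["_dane.cdn.example."],
    ("_dane.cdn.example.", "TLSA"): [(3, 1, 1, hashlib.sha256(CDN_SPKI).hexdigest())],
}

def resolve_tlsa(name, zone, max_hops=8):
    """Follow CNAMEs from name and return the TLSA RRset at the end of the chain."""
    for _ in range(max_hops):
        target = zone.get((name, "CNAME"))
        if target is None:
            return zone.get((name, "TLSA"), [])
        name = target[0]
    raise ValueError("CNAME chain too long or looping")

def tlsa_matches(rr, cert_der, spki_der):
    """RFC 6698 matching. Selector 0 = full certificate, 1 = SubjectPublicKeyInfo;
    matching type 0 = exact, 1 = SHA-256, 2 = SHA-512. Unknown values never match.
    The usage field (3 = DANE-EE here) is not evaluated in this sketch."""
    _usage, selector, mtype, data = rr
    selected = {0: cert_der, 1: spki_der}.get(selector)
    if selected is None:
        return False
    if mtype == 0:
        digest = selected.hex()
    elif mtype == 1:
        digest = hashlib.sha256(selected).hexdigest()
    elif mtype == 2:
        digest = hashlib.sha512(selected).hexdigest()
    else:
        return False
    return digest == data.lower()

def dane_ok(name, zone, cert_der, spki_der):
    """True if any TLSA RR reached from name matches the presented certificate/key."""
    return any(tlsa_matches(rr, cert_der, spki_der) for rr in resolve_tlsa(name, zone))
```

Because the customer's zone contains only the CNAME, the CDN can rotate its key by republishing its own TLSA RRset; nothing in the customer's zone changes and the customer's private key is never involved.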