|
Cs 259: tls/ssl
|
bet | 1/9 | Sana | 23.12.2022 | Hajmi | 251 Kb. | | #36735 |
Bog'liq 02-SSL Бир вақтнинг ўзида ҳам таомдан лаззатланиш - Reference: http://www.stanford.edu/class/cs259/
Overview - Introduction to the SSL / TLS protocol
- Widely deployed, “real-world” security protocol
- Protocol analysis case study
- Start with the RFC describing the protocol
- Create an abstract model and code it up in Mur
- Specify security properties
- Run Mur to check whether security properties are satisfied
What is SSL / TLS? - Transport Layer Security protocol, ver 1.0
- De facto standard for Internet security
- “The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications”
- In practice, used to protect information transmitted between browsers and Web servers
- Based on Secure Sockets Layers protocol, ver 3.0
- Deployed in nearly every web browser
SSL / TLS in the Real World - SSL 1.0
- Internal Netscape design, early 1994?
- Lost in the mists of time
- SSL 2.0
- SSL 3.0
- Designed by Netscape and Paul Kocher, November 1996
- TLS 1.0
- Internet standard based on SSL 3.0, January 1999
- Not interoperable with SSL 3.0
Let’s Get Going… - Informal
- Protocol
- Description
- RFC
- (request for
- comments)
- Network protocols are usually disseminated in the form of an RFC
- TLS version 1.0 is described in RFC 2246
- Intended to be a self-contained definition
- Describes the protocol in sufficient detail for readers who will be implementing it and those who will be doing protocol analysis (that’s you!)
- Mixture of informal prose and pseudo-code
- Read some RFCs to get a flavor of what protocols look like when they emerge from the committee
|
| |