Sunday, June 07, 2020

4. TLS/SSL and cryptography


(Back to the top of this sequence of postings.)

Here we want to answer the same three questions we had above about IPSec:
  1. What are the technical mechanisms in place for rekeying and effective use of encryption?
  2. What was known, at the time these protocols were developed, about the best practices for rekeying?
  3. What are best practices today?
but this section will be much shorter, as I know so much less about TLS (despite the fact that it is the most important use of encryption on the Internet today).

The current standard for Transport Layer Security, or TLS, is RFC8446, published in 2018.  It specifies version 1.3 of the protocol.  The main document itself is only 160 pages, not bad for something so complex and important.

...oh, what is TLS?  It's the protocol that HTTPS runs over.  It's the successor to SSL, the Secure Sockets Layer, which was the first way to encrypt web browsing.  TLS originally built on top of a reliable transport protocol, such as TCP, though a later adaptation (RFC6347) lets it run over a datagram protocol.  We'll only worry about running it over TCP here.  TLS provides privacy, by encrypting all of your web browsing traffic for a particular connection.  It also provides data integrity, using a MAC (message authentication code) when necessary. (IPsec also does both, but we ignored that above.)

No comments: