Re: SSL/TLS
Posted: Sat May 21, 2016 4:47 am
by embryo2
SpyderTL wrote:I think that the technical byte-by-byte packet definition of the SSL standard(s) deserves its own page
In fact it's about mathematics. If you understand the math then it's simple to pack the bytes as required.
In the case of the RSA algorithm it's relatively simple. Just google "RSA" and the first link is a good start for it. After understanding RSA it is possible to read about something more complex.
SpyderTL wrote:I understand that you understand how it all fits together, but someone just starting in OS Development or Network Security is going to have a hard time picking it apart.
The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.
Re: SSL/TLS
Posted: Fri May 27, 2016 3:44 pm
by SpyderTL
embryo2 wrote:The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.
I was just pointing out that there was a lot of technical information about the packets, themselves, that was missing, and would be needed to implement this in a hobby OS. It seemed like the article was, to use an analogy, jumping directly to HTML without first describing HTTP, or TCP/IP, or Ethernet.
lpoulain wrote:I've split the page into 3. I will also work on adding more details about the TLS packets.
Thanks. I think that works much better. I added a few enums and header structs as well. I'll try to add some more when I get some free time.
lpoulain wrote:But the best way to understand how they are formed is to examine a TLS communication using Wireshark.
Please don't put that on the wiki page
Re: SSL/TLS
Posted: Sat May 28, 2016 2:58 am
by embryo2
SpyderTL wrote:I was just pointing out that there was a lot of technical information about the packets, themselves, that was missing, and would be needed to implement this in a hobby OS.
But the article is just an introduction, and it would be too large if all the details were present. And there's the link to the TLS protocol specification. Maybe it would also be helpful to add the Wikipedia link.
It's more interesting how to separate the OSDev wiki from wikipedia.org, because there are some similar sections. Wikipedia.org provides some general information on the subject while the OSDev wiki can provide something specific to OSDev, but it is also possible to describe something in a clearer manner than is the case on wikipedia.org. In the case of TLS I think there's nothing special for the OSDev wiki to provide, but for security, how to design a secure OS is important information, so it seems like a good idea to have an OSDev-specific security page.
Re: SSL/TLS
Posted: Mon May 30, 2016 3:01 pm
by lpoulain
@SpyderTL: believe it or not, the format of the TLS packets was the easiest part to code when I implemented TLS. The hardest part was how the crypto algorithms are used in practice by TLS, which is what I focused on in the wiki. I might add a section about very large number computation (e.g. how to compute a ^ b mod c when using 1024-bit integers).
@Embryo2: If you manage to get a Security page stub referenced in the main wiki page I will gladly contribute to it (BTW it would be nice if the Networking page was referenced as well). But I feel like an InfoSec page found only by searching isn't likely to be read by many people, if any.
Re: SSL/TLS
Posted: Mon May 30, 2016 4:05 pm
by SpyderTL
The Security page is actually on the old "short" main page, but not on the new "expanded" main page. I've already asked to get it added to the new main page.
And it doesn't do any good to explain what values go in the packets without including "where" in the packet those values go...
I've added a few details already, but I'll add more when I get some time.
Re: SSL/TLS
Posted: Tue May 31, 2016 9:12 pm
by lpoulain
I have updated the Handshake page and described in greater detail what each message corresponds to. I couldn't always use some C code as the message size can vary.
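
Added example (not code from this thread or from the wiki pages it discusses): a bounds-checked walk over a TLS record carrying a ClientHello, showing where the length fields sit and why a fixed C struct cannot describe a message whose fields vary in size. It assumes the TLS 1.2 layout from RFC 5246 and a ClientHello contained in a single record; the names `cur`, `rd`, `skip`, `client_hello_suite_count` and the `sample_hello` bytes are made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Cursor over an untrusted buffer; every read is bounds-checked. */
struct cur { const uint8_t *p; size_t left; };

/* Read an n-byte big-endian integer (n <= 4); returns 0 on success. */
static int rd(struct cur *c, size_t n, uint32_t *out) {
    if (n > 4 || c->left < n) return -1;
    *out = 0;
    while (n--) { *out = (*out << 8) | *c->p++; c->left--; }
    return 0;
}

/* Skip n bytes; returns 0 on success. */
static int skip(struct cur *c, size_t n) {
    if (c->left < n) return -1;
    c->p += n; c->left -= n;
    return 0;
}

/* Constructed sample: ClientHello offering 2 suites (random left as zeros). */
static const uint8_t sample_hello[52] = {
    22, 3, 3, 0, 47,  1, 0, 0, 43,  3, 3,      /* record hdr, handshake hdr, version */
    [44] = 0, 4, 0x00, 0x2f, 0x00, 0x35, 1, 0  /* suites length, 2 suites, compression */
};

/* Parse one TLS record holding a complete ClientHello (RFC 5246 layout).
 * Returns the number of offered cipher suites, or -1 if malformed/truncated. */
int client_hello_suite_count(const uint8_t *buf, size_t len) {
    struct cur c = { buf, len };
    uint32_t type, ver, rec_len, hs_type, hs_len, sid_len, cs_len;
    /* Record header: type(1) version(2) length(2) */
    if (rd(&c, 1, &type) || rd(&c, 2, &ver) || rd(&c, 2, &rec_len)) return -1;
    if (type != 22 || rec_len > c.left) return -1;   /* 22 = handshake */
    c.left = rec_len;                                /* stay inside the record */
    /* Handshake header: msg_type(1) length(3) */
    if (rd(&c, 1, &hs_type) || rd(&c, 3, &hs_len)) return -1;
    if (hs_type != 1 || hs_len > c.left) return -1;  /* 1 = client_hello */
    c.left = hs_len;                                 /* stay inside the message */
    /* Body: version(2) random(32) session_id<0..32> cipher_suites<2..2^16-2> */
    if (skip(&c, 2 + 32) || rd(&c, 1, &sid_len)) return -1;
    if (sid_len > 32 || skip(&c, sid_len)) return -1;
    if (rd(&c, 2, &cs_len)) return -1;
    if (cs_len < 2 || (cs_len & 1) || cs_len > c.left) return -1;
    return (int)(cs_len / 2);
}

int main(void) { return client_hello_suite_count(sample_hello, sizeof sample_hello) == 2 ? 0 : 1; }
```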