After the MAC is verified and removed and the padding is stripped off, the
payload of 474554202f696e6465782e68746d6c20485454502f312e310d0a is handed
off to the HTTP protocol. This is just the ASCII encoding of “GET /index.html
HTTP/1.0” and the CRLF delimiter. HTTP doesn't indicate its length; the TLS
header gave the TLS layer enough information to decrypt and strip off the MAC,
but it's up to HTTP to figure out what to do with this message.
The server's response is omitted here. After the server has responded, though,
it sends
12:37:04.089204 IP localhost.localdomain.https > localhost.localdomain.56047: P
1291:1328(37) ack 344 win 256 <nop,nop,timestamp 12673418 12673418>
0x0000: 4500 0059 82ea 4000 4006 b9b2 7f00 0001 E..Y..@.@.......
0x0010: 7f00 0001 01bb daef 1e28 e71b 1e32 650a .........(...2e.
0x0020: 8018 0100 fe4d 0000 0101 080a 00c1 618a .....M........a.
0x0030: 00c1 618a 1503 0100 20ae dd34 8655 8551 ..a........4.U.Q
0x0040: 3836 6592 0d73 dcda 4770 9798 dc2a c22c 86e..s..Gp...*.,
0x0050: 79da e8c2 0945 6c4f 61 y....ElOa
As you can see from the header, this is an alert. Of course, it's encrypted,
but you know by now that this is a close_notify alert. This is followed by the
normal TCP shutdown.
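Reading the record header out of the capture above, as an added example that is not part of the original text: the packet bytes are copied from the tcpdump output, while the function names are hypothetical and the parser assumes an IPv4/TCP packet with no link-layer header, as printed.

```python
import struct

# Packet bytes exactly as shown in the tcpdump hex dump (IPv4 header onward).
PACKET = bytes.fromhex(
    "4500005982ea40004006b9b27f000001"
    "7f00000101bbdaef1e28e71b1e32650a"
    "80180100fe4d00000101080a00c1618a"
    "00c1618a1503010020aedd3486558551"
    "383665920d73dcda47709798dc2ac22c"
    "79dae8c209456c4f61"
)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}

def tcp_payload(packet):
    """Strip the IPv4 and TCP headers; both have variable lengths."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("expected an IPv4 packet carrying TCP")
    ip_hlen = (packet[0] & 0x0F) * 4               # IHL, in 32-bit words
    total_len = struct.unpack_from("!H", packet, 2)[0]
    if total_len > len(packet):
        raise ValueError("capture is truncated")
    tcp_hlen = (packet[ip_hlen + 12] >> 4) * 4     # TCP data offset
    return packet[ip_hlen + tcp_hlen:total_len]

def parse_records(data):
    """Return (content type, version, fragment) for each TLS record."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("incomplete record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        fragment = data[offset + 5:offset + 5 + length]
        if len(fragment) != length:
            raise ValueError("record continues in a later TCP segment")
        records.append((CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
                        VERSIONS.get((major, minor), "%d.%d" % (major, minor)),
                        fragment))
        offset += 5 + length
    return records

if __name__ == "__main__":
    for ctype, version, fragment in parse_records(tcp_payload(PACKET)):
        print(ctype, version, len(fragment), "bytes of ciphertext")
```

The header is the only part readable without the session keys: content type 21 (alert), version 3.1, and a length of 32 bytes. That it is a close_notify is known only from decrypting the fragment.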
Differences Between SSL 3.0 and TLS 1.0
As mentioned previously, TLS is a minor revision to SSL 3.0, which was a major
overhaul of SSLv2. There are few differences between SSL 3.0 and TLS 1.0; TLS
defined a handful of new alert types and removed support for the Fortezza key
exchange algorithm.
WHAT IS FORTEZZA?
Fortezza was the U.S. government's aborted attempt at a key escrow system.
The idea was that you could use as strong cryptography as you liked, but you
had to share a copy of the private key with the U.S. government in case it ever
needed to decrypt something that you had exchanged. This didn't go over
well with the U.S. public and went over even less well with users in foreign
countries.
The U.S. government has not resurrected a key escrow system since the failure
of Fortezza. Whether this means that they've decided that it's not nice to
snoop on people or whether they've found but kept secret a fundamental flaw
in the cryptographic protocols that TLS relies on that allows them to decrypt
your data at will is for you to decide.
The most significant difference, and what necessitated a new version, was
the introduction of the PRF. SSL 3.0 had a premaster secret, just like TLS 1.0,
 