each request for "www.consensus.com" to different IP addresses. As
Netscape Navigator does not check to see that the IP address matches
the original domain name (reverse-IP), this will work for each
round-robin server.
Netscape's Navigator will also allow for some simple pattern
matching. Netscape has documented a number of different possibilities
in their SSL 2.0 Certificate Format web pages at
<http://home.netscape.com/newsref/std/ssl_2.0_certificate.html>
Note, however, that none of these regular expression/pattern matching
choices are accepted by VeriSign. In the past they have accepted
server certificate common names with regular expressions, but these
are no longer allowed.
Other CAs may have different policies regarding use of regular
expressions in common names.
5.4) When comparing a URL against the common name of the certificate,
why don't you do a reverse-DNS lookup?
DNS is not a secure name service, and trying to treat it like one
could be a security hole. The purpose of checking the common name
against the URL is to make sure that at least the user's expectation
of what site the user is visiting is not compromised.
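The check described in 5.4, next to the reverse-DNS design it rejects, as an added example (not code from the FAQ or from Netscape). Certificates are reduced to plain dictionaries, all sample names and addresses are constructed, the function names are hypothetical, and only exact name matches are handled because the pattern syntax is not given here.

```python
from urllib.parse import urlsplit

# Constructed certificates, reduced to the fields this check reads.
GENUINE = {"common_name": "www.consensus.com"}
OTHER_SITE = {"common_name": "www.other-site.example"}  # valid cert, wrong site
WITH_EXT = {"common_name": "Consensus Web Server",
            "netscape-ssl-server-name": "www.consensus.com"}

# Constructed resolver data: whoever answers DNS queries chose this record,
# so nothing in it is vouched for by a CA.
UNTRUSTED_DNS = {"reverse": {"203.0.113.66": "www.consensus.com"}}

def host_from_url(url):
    """Host name the user asked for, normalised for comparison."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host component: %r" % url)
    return host.rstrip(".").lower()

def name_from_cert(cert):
    """Name the CA signed; netscape-ssl-server-name replaces the common name."""
    name = cert.get("netscape-ssl-server-name") or cert["common_name"]
    return name.rstrip(".").lower()

def check_by_certificate(url, cert):
    """FAQ 5.4 approach: URL host versus signed name, no DNS, no peer IP."""
    return host_from_url(url) == name_from_cert(cert)

def check_by_reverse_dns(url, peer_ip, dns):
    """Rejected design: believe the unsigned PTR answer for the peer address."""
    return dns["reverse"].get(peer_ip, "").lower() == host_from_url(url)

if __name__ == "__main__":
    url = "https://www.consensus.com/"
    # Round-robin servers share one certificate; the peer IP never matters.
    print("genuine server:", check_by_certificate(url, GENUINE))
    print("extension name:", check_by_certificate(url, WITH_EXT))
    # A server presenting some other site's certificate at a spoofed address:
    print("reverse DNS   :", check_by_reverse_dns(url, "203.0.113.66", UNTRUSTED_DNS))
    print("certificate   :", check_by_certificate(url, OTHER_SITE))
```

The reverse-DNS check accepts the spoofed address because it relies on an unsigned answer, while the certificate comparison rejects the same connection.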
5.5) Does Netscape require hierarchical naming (that is, distinguished
names) for its certificates?
Yes, Netscape requires distinguished names.
5.6) Where can I get more information on certificates?
VeriSign, the default CA (Certificate Authority) used by Netscape
and most other WWW browsers, has a FAQ at
<http://digitalid.verisign.com/id_faqs.htm>
There is also a good resource of links to a variety of certificate
technical and policy issue sites available at
<http://www.zoo.net/~marcnarc/PKI/References.htm>.
5.7) What other CAs are there besides VeriSign?
We know of these CAs:
EuroSign - The European Certification Authority
<http://eurosign.com/>
COST Computer Security Technologies <http://www.cost.se/>
Thawte Consulting <http://www.thawte.com/certs/>
In addition, we have heard that Entrust (Northern Telecom/NorTel),
GE, and the US Postal Service may be announcing CA services, but
we don't have web pages for them.
5.8) How do I set up my own Certificate Authority?
There is some support for creating your own CA in SSLeay; there is
information on how to integrate it with Netscape available at
<http://wheat.webvision.com/~dhm/wvca-howto.html>
5.9) What criteria should I use in deciding between one CA and another?
The purpose of a Certificate Authority is to bind a public key to
the common name of the certificate, and thus assure third parties
that some measure of care was taken to ensure that this binding
is valid. A measure of a Certificate Authority is its "Policy
Statement", which states what measures it takes for each class of
certificate it offers to ensure that this binding of identity
with public key is valid.
------------------------------
6) SSL IMPLEMENTATION ISSUES
This section offers specific implementation details of different SSL
clients and servers that are not specific to the protocol.
------------------------------
6.1) NETSCAPE QUESTIONS
Sub-section 6.1 is maintained by Eric Greenberg <erig@netscape.com> --
any comments or questions should be sent to him.
6.1.1) Will SSL 3.0 functionality be available to Java applets via the
Netscape plug-in interfaces available as part of LiveConnect in Netscape
3.0?
It will not be in 3.0, but Netscape is looking at it for a future
release.
6.1.2) Does the Netscape browser cache on disk data that has been sent
over by https?
Navigator 3.0 has an option to allow caching of data fetched
over SSL connections. The default setting is to not cache data.
In Navigator 2.0, documents fetched using SSL were cached in the
same way as non-SSL documents. You could use the "Pragma: no-cache"
HTTP header to disable caching for a particular page. In Navigator
1.0, documents fetched with SSL were not cached.
6.1.3) Is the cached data encrypted using some key?
No, Netscape has never encrypted documents that are stored in the
cache.
6.1.4) The Help Information for Netscape's Enterprise 2.0 server
indicates that the server supports 6 ciphers for SSL 2.0 and 6
ciphers for SSL 3.0. However, the Encryption|Security Preferences
menu in the server Manager displays only 2 choices for SSL 2.0 and 3
choices for SSL 3.0. How can I select the other choices?
You have the export version of the server which supports only the
ciphers displayed. If you want to use the others, you must
use the US-only (non-export) version.
6.1.5) What mechanisms will be available for "aging" passphrases used
to unlock certificate databases? Will these be configurable?
At this point no mechanisms exist in Netscape's Navigator, and
therefore aging is not configurable. Presumably the future of
personal certificate databases requires smartcards, but until that
time aging is an application-specific function.
6.1.6) Is Netscape adopting any open standards for APIs in these
areas? Is Netscape working with any standards bodies or other groups on
such APIs? Is there any word on the emerging security architectures,
such as Microsoft's Crypto-API, RSA's LOCT, or GSS-API?
Netscape has been participating in a number of working groups
interested in standard security APIs. At this point Netscape has not
adopted a single security API approach or committed to a specific
proposed standard security API. Eventually Netscape may use all or
some subset (or perhaps none) of these specific architectures.
Netscape welcomes customer comments or suggestions on this topic.
6.1.7) Does Netscape use "regular" RSA libraries (such as BSAFE) or
"custom" RSA code? More specifically, is Netscape using BSAFE 3.0?
BSAFE 3.0 is currently being integrated in all of Netscape's
products. Netscape has modified portions of the BSAFE API to improve
efficiency in the heavy load environment of their products, but
Netscape continues to integrate the upgraded code from RSA as
soon as practical.
6.1.8) Will Netscape client authentication be interoperable with
other SSL implementations?
We can't speak to which specific implementations have been testing
against our server. Netscape does currently offer an
interoperability test server that has been used to test conformance
with many other implementations of SSL 3.0. This server is located
at
<https://www3.netscape.com/>
6.1.9) How might Netscape offer more "cryptographic flexibility,"
such as selection of algorithms and authentication without
encryption?
SSL 3.0 allows for authentication-only (and even encrypt-only)
methods. Algorithm selection is negotiated by the client and the
server. The Navigator's "Security Preferences:General" allows the
user to define per-algorithm overrides for each SSL2 or SSL3
session.
6.1.10) Isn't encrypt-only SSL open to "man-in-the-middle" attacks?
Yes, even though SSL 3.0 supports encrypt-only (through the
SSL_DH_anon_WITH_DES_CBC_SHA ciphersuite), there are many possible
attacks against it, and we recommend against using it. SSL *MUST*
have strong authentication at the record layer or it becomes open to
some attacks. It doesn't matter if the application has
authentication at the application layer.
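A configuration check that follows from 6.1.9 and 6.1.10, as an added example (not code from the FAQ or from any Netscape product). It reads SSL 3.0 cipher suite names and flags the unauthenticated, export-grade and unencrypted ones; the enabled list is constructed and the function names and finding labels are hypothetical.

```python
import re

# SSL 3.0 suite names have the shape SSL_<key exchange>_WITH_<cipher>_<MAC>.
SUITE_RE = re.compile(r"^SSL_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>MD5|SHA)$")

# Constructed server configuration: suite names as defined by SSL 3.0.
ENABLED = [
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_WITH_DES_CBC_SHA",
    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
]

def classify(suite):
    """Return the list of weaknesses implied by a suite's name alone."""
    m = SUITE_RE.match(suite)
    if m is None:
        raise ValueError("not an SSL 3.0 cipher suite name: %r" % suite)
    kx_parts = m.group("kx").split("_")
    findings = []
    if "anon" in kx_parts:
        findings.append("no-authentication")   # encrypt-only, FAQ 6.1.10
    if "EXPORT" in kx_parts:
        findings.append("export-40-bit")       # FAQ 6.1.4 and 6.1.11
    if m.group("cipher") == "NULL":
        findings.append("no-encryption")       # authentication-only, FAQ 6.1.9
    return findings

def audit(enabled):
    """Map each flagged suite to its findings; clean suites are omitted."""
    report = {}
    for suite in enabled:
        findings = classify(suite)
        if findings:
            report[suite] = findings
    return report

def hardened(enabled):
    """Drop every suite whose key exchange is unauthenticated."""
    return [s for s in enabled if "no-authentication" not in classify(s)]

if __name__ == "__main__":
    for suite, findings in audit(ENABLED).items():
        print("%-38s %s" % (suite, ", ".join(findings)))
    print("keep:", hardened(ENABLED))
```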
6.1.11) Are the 512-bit RSA keys used by exportable applications
generated on the fly by the server? How often are they changed? (The
spec recommends every 500 transactions.) Does the Netscape server
take care of changing them automatically?
In the Netscape 2.0 servers, if the server's public key is longer
than 512 bits, it generates a temporary 512-bit export key at
start-up time. This key is regenerated only when the server is
restarted. Netscape does it this way because generating a key can
take several seconds.
The 500-transaction limit is only a guideline and largely depends on
how valuable the information being encrypted is. For information
for which you worry about how often the key is regenerated, you
should probably be using something stronger than a 40-bit symmetric
key anyway.
6.1.12) What are the plans for mechanisms for adding root keys and
accepting root certificates for future use?
Root keys for CA (Certificate Authority) certificates are loaded
through an automatic process using an SSL connection to a previously
unknown CA. Also, new releases of the Navigator have added additional
CA root keys.
Presumably in the future, loading a root cert object through a local
process, such as from disk, LDAP, or other out-of-band mechanism,
will be supported in addition to, or in place of, the present method
of connecting to a trusted server and downloading the certificate
chain.
6.1.13) With regard to the certificate extensions documentation at
<http://home.netscape.com/eng/security/certs.html>, what X.509v3
certificate extensions will the release 3.0 Navigator use?
The following extensions are supported in some way by Navigator 3.0:
netscape-revocation-url
netscape-ca-revocation-url
    A button will appear on the Document Info page for servers whose
    certificate (or CA's cert) contains these extensions. When the
    button is pressed, the CA will be queried via HTTP GET, and
    Navigator will display a dialog to indicate to the user if the
    cert is good or not.
netscape-cert-renewal-url
    If a user attempts to use a client certificate that has expired, a
    dialog will be displayed warning them that their cert has expired,
    and if this extension exists, a button will be on the dialog that
    will bring up a window displaying the URL.
netscape-ca-policy-url
    A button will be displayed on the Document Info page for server
    certs that contain this extension. When pressed, a window
    displaying the policy URL will be opened.
netscape-ssl-server-name
    This extension is used in place of the common name when it exists
    to verify the domain name of the site.
netscape-comment
    A Netscape-specific place for comments.
6.1.14) Does the Navigator actually use the revocation URL
or CA revocation URL?
There is no automatic revocation check. As mentioned above, a button
allowing manual checks is displayed on the Document Info page. This
feature was added because some people needed revocation, but we did
not have time to support full CRLs. In a future release we will
support CRLs, and possibly other forms of revocation technology.
------------------------------
6.2) MICROSOFT QUESTIONS
The text for sub-section 6.2 was grabbed from various documents
found at
<http://www.microsoft.com/intdev/security/>
6.2.1) Which of Microsoft's products will support SSL?
Internet Explorer 3.0 provides support for SSL versions 2.0 and 3.0
and for Private Communication Technology (PCT) version 1.0. It will
include support for the Transport Layer Security Protocol (TLS),
which is being considered by IETF.
6.2.2) Which Microsoft products support Client Authentication?
Client authentication as implemented by Microsoft Internet Explorer
3.0 is interoperable with popular Web servers that support secure
sockets layer (SSL) 3.0 client authentication.
Microsoft is working to extend the complete set of technology
components necessary for webmasters to incorporate client
authentication in their Web applications. This includes extending
Windows NT(r) Server operating system support for challenge and
response and the SSL 2.0 protocol used by Microsoft Internet
Information Server to also include support for client authentication
through the SSL 3.0 protocol.
------------------------------
7) SSL TOOLKIT QUESTIONS
This section offers specific details of different SSL development
toolkits that are not specific to the protocol.
------------------------------
7.1) SSLREF QUESTIONS
This subsection contains information on SSLRef 3.0, which was
co-developed by Netscape Communications Corp. of Mountain View,
California <http://home.netscape.com/> and Consensus Development
Corporation of Berkeley, California <http://www.consensus.com/>.
7.1.1) What is SSLRef 3.0?
SSLRef 3.0 is a reference implementation of the SSL (Secure Sockets