maker
/
bachelor


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
							\chapter{The Secure Layer \label{chap:ssl}}

Transport Layer Security, formerly known as SSL (Secure Socket Layer), aims
to bring some security features over a communication channel, specifically
providing \strong{integrity} and \strong{confidentiality} of the message, \strong{authenticity} of the server and
optionally the client.
%% fuck osi layers: there is no code explicitly structuring the internet in 7
%% layers.
It is nowadays widely adopted all over the world, being the de-facto standard for
end-to-end  encryption.

\paragraph{Certification Authorities} are authorities to whom it is granted the
power to \emph{authenticate} the peer. Pragmatically, they are public keys
pre-installed on your computer that decide who and who not to trust employing
of a digital signature. A more detailed analysis of the inside of a certificate
will be given in section ~\ref{sec:ssl:x509}.
In order to overcome the proliferation of keys to disribute, and satisfy the
use-case of a mindless user willing to accomplish a secure transaction on the
internet, the concept of a hierarchical model issuing digital certificates
proliferated with the following trust model:
\\
\\
%% E` BELLISSIMO QUESTO COSO
\begin{center}
  \begin{tikzpicture}[
    scale=.8,
    ->,>=stealth',
    ,level/.style={sibling distance = 10cm/#1,
      level distance = 2.5cm}]
    \node  {Root CA}
    child{ node {\small{Intermediate CA}}
      child{ node  {Issuer CA}
        child{ node {} edge from parent node[above left]
          {\tiny{loltrust}}}
        child{ node {}}
      }
      child{ node  {CA}
        child{ node  {Sub-CA}}
        child{ node  {}}
      }
    }
    child{ node {\small{Intermediate CA}}
      child{ node  {CA}
        child{ node  {hacked computer}}
        child{ node  {CA}}
      }
      child{ node {GVMT CA}
        child{ node  {}}
        child{ node  {}}
      }
    }
    ;
  \end{tikzpicture}
\end{center}


\paragraph{The protocol} is actually a collection of many sub-protocols:
\begin{itemize}
  \setlength{\itemsep}{1pt}
  \setlength{\parskip}{0pt}
  \setlength{\parsep}{0pt}
\item \strong{\emph{handshake}} protocol, a messaging protocol that allows to
  \emph{authenticate} the peers, and eventually restore a past encrypted
  session.
\item \strong{\emph{record}} protocol, permitting the encapsulation of higher level protocols,
  like HTTP and even the next two sub-protocols. It is the fulcrum for all data
  transfer.
\item \strong{alert} protocol, which steps-in at any time from handshake to closure of the
  session in order to signal a fatal error. The connection will be closed
  immediately after sending an alert record.
\item \strong{changespec} protocol, to negotiate with and notify  the receiver that
  subsequent records will be protected under the just negotiated keys and
  \texttt{Cipher Spec}.
\end{itemize}
We will proceed by describing in deep only the first two of these, due to their
relevant role inside the connection and furthermore, because they are the only
two we actually made use of during our investigations.


\section{The \texttt{handshake} protocol}
Different options:
\begin{itemize}
\item no session
\item session
\item client authentication
\end{itemize}


\section{The \texttt{record} protocol}

Until 2005, failure to authenticate, decrypt will result in I/O error and a
close of the connection

\section{What's inside a certificate \label{sec:ssl:x509}}

\section{Remarks among SSL/TLS versions}


%%% Local Variables:
%%% mode: latex
%%% TeX-master: "question_authority.tex"
%%% End: