HTTPS and beyond
http://en.wikipedia.org
- Confidentiality
- Integrity
- Authenticity
https://en.wikipedia.org
Alice
Mallory
Bob
| S | S | |
|
|
“Hi, Bob” | |
| ↓ | ↑ | |
| ciphertext | → |
|
Carol
PAlice, RAlice
PCarol, RCarol
|
|
“Hi Carol, it's Alice” | |
| ↓ | ↑ | |
| ciphertext | → |
Alice
Mallory
Carol
| RAlice ⨉ PCarol | RCarol ⨉ PAlice | |
| ↓ | ↓ | |
| S | S | |
| timetable.pdf | ← | S(timetable.pdf) |
R(P(x)) = x
P(R(x)) = x
PBob(certificate) → “Alice is PAlice”
HTTP
TCP
IP
HTTP
TLS/SSL
TCP
IP
Client
Server
| PC, RC | → | PC |
| PS | ← | PS, RS |
| RC ⨉ PS = S | RS ⨉ PC = S | |
| C | ← | S(C) |
|
||
Problems
No client authentication
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
GOST2012256-GOST89-GOST89
DHE-RSA-CAMELLIA256-SHA256
DHE-RSA-CAMELLIA256-SHA
GOST2001-GOST89-GOST89
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA256
CAMELLIA256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA256
DHE-RSA-CAMELLIA128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
CAMELLIA128-SHA256
CAMELLIA128-SHA
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
RC4-SHA
RC4-MD5
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_protocols TLSv1.3;
Beyond
The Seif Protocol
Aashish Sheshadri, Rohit Harchandani and Douglas Crockford
PayPal 2016
{
action: "store_image",
filename: "cute_puppy.png",
contents: <Blob 0010101110101...>
}
PUT /images/cute_puppy.png HTTP/1.1
Accept: text/html,application/xhtml+xml,application/
xml;q=0.9,image/avif,image/webp,image/apng,*/*;q
=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-AU,en;q=0.9,en-NZ;q=0.8,la;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/naww
Cookie: server=2022-08-05T09:35:20.537Z;
secret=LEGIT; sid=Fe26.2**X90efJ4G*9Hfd5R6c9b8aX
lq08kefyKa5c8b60d1l5Ip4228IjTj3485Q8bE84wQ6D2IkN
CY2of*045HNKMA5iaVofJFddY-K4ya13SgZdgSaLSj700vdE
OrUw*Gd0pUgaDuEJoceXDbEF0Ihh9HZIF0E-j2vAwrL4AVEl
qbJ51g0Bgk1HQLe64PLoic_6vb5vEtgnBu_cxyC5e6fuMnzj
1_-9UR3U0s5NvZ9D2248Y7GIW4Pw-73bvw3fF-5v1Fc3edJd
oFpP541zg*TM8O99FD5c1JL16F72f8hg7eaWnWRej6EWuGJD
6ys0G-9-bP3cddzr716uJ7cervlU1y38e*afS2rfEOufwdb1
F7p92bYfr32Vc0adp1072e2btUIbK37H78z8qb7Pee2XBX9v
eB4Oa9VuOGF00o4FUhm7PU4F609reQ9b18JA94D3g8kc097w
Host: imagebucket.com
Pragma: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 1
0_15_7) AppleWebKit/537.36 (KHTML, like Gecko) C
hrome/106.0.0.0 Safari/537.36
WebSockets
HTTP
TLS
TCP
IP
Seif
TCP
IP
ECC-521 and AES-256-GCM
PAlice, RAlice
PBob, RBob
| H | ||
| PBob(H), H(PAlice) | → | H, PAlice |
| S | ||
| S | ← |
WebSeif
- Uses the WebCrypto API
- Portable JavaScript
- Small
- No dependencies
- github.com/jamesdiacono/webseif
Email me at
james@diacono.com.au
My website is https://james.diacono.com.au
Creations at github.com/jamesdiacono
My website is https://james.diacono.com.au
Creations at github.com/jamesdiacono