I’m currently working on an implementation of LURK to be integrated with 
OpenSSL and NGINX. After having identified all main parts and started the 
development, I have some questions regarding the LURK extension for (D)TLS 1.1 
and 1.2 draft, more specifically for RSA as key exchange method (rsa_master, 
section 5).

As I understand, the Edge Server (LURK client) only needs the Private Key to 
decrypt the premaster secret sent by the TLS client. I would like to understand 
why the LURK server computes the master secret instead of only decrypting the 
premaster secret and letting the Edge Server compute the master secret (since 
it is terminating the TLS connection). In this way:

1. the LURK server would still protect the private key.
2. it’d be less intrusive for the TLS protocol (the only change is the remote 
decryption instead of local decryption), it’d have less impact on the OpenSSL 
code as well.
3. less error handling (however, the LURK server would have less control over the 
ciphers, TLS versions, PRF functions…).
4. the master secret would be locally computed by the TLS server and never sent 
through the network (that is, even if an attacker compromises the secure 
connection between LURK client and server and steals the decrypted premaster 
key, they still need other values of the TLS connection in the LURK client).

Thank you in advance.

Best regards,

Jesús Alberto
Lurk mailing list