Hi, I’m currently working on an implementation of LURK to be integrated with OpenSSL and NGINX. After having identified all main parts and started the development, I have some questions regarding the LURK extension for (D)TLS 1.1 and 1.2 draft, more specifically for RSA as key exchange method (rsa_master, section 5).
As I understand, the Edge Server (LURK client) only needs the Private Key to decrypt the premaster secret sent by the TLS client. I would like to understand why LURK server computes the master secret instead of only decrypting the premaster secret and letting the Edge Server compute the master secret (since it is terminating the TLS connection). In this way:

1. the LURK server would still protect the private key.
2. it’d be less intrusive for the TLS protocol (the only change is the remote decryption instead of local decryption), it’d have less impact on the OpenSSL code as well.
3. less error handling (however, LURK server would have less control over the ciphers, TLS versions, PRF functions…).
4. the master secret would be locally computed by the TLS server and never sent through the network (that is, even if an attacker compromises the secure connection between LURK client and server and steals the decrypted premaster key, they still need other values of the TLS connection in the LURK client).

Thank you in advance.

Best regards,
Jesús Alberto
_______________________________________________
Lurk mailing list
Lurk@ietf.org
https://www.ietf.org/mailman/listinfo/lurk