|
Helaine, Hubert wrote on Wed, 31 Mar 04, 5:45 AM:
So there are two issues here: WTLS and using WIM in TLS. In the WTLS case, you will need to implement the entire WTLS protocol and add it to mozilla. NSS does not implement WTLS. Then there is just using the WIM in TLS. In this case the only server facing information about the fact the WIM is being used is when the WIM signs the VerifyCertificate message. None of this has anything to do with the master secret.
Softoken already provides this. It will even use entropy from your token if you advertise CKF_RANDOM on your token flags.
Softoken handles this OK as well (if it generated the pre-master secret)... though I presume you mean 'pre-master does not leave the token'
Your token will have to do this. NSS uses the client private key based on the client cert (NSS chooses the CERT you want to use, then uses that cert to locate the key. Once NSS locates the private key, it uses the token the key lives in to do the signing... except for the export key function (which is expected to fail on tokens), NSS never tries to extract a private key it just uses it in place. This part should already work for you. This is also the only part that a remote server will see.
Again the Softoken handles this correctly (assuming it generated the pre-master secret.
So the pre-master secret and master secret stays in the tokens, but the individual session keys *DO* leave the token? This is a quite unusual scenario. Usually either no symetric keys are protected are all keys are protected. What is the threat model you are trying to protect from?
The master and pre-master secret are part of the symetric handshake. In the RSA case, the only private key in use by the client is the signing key.
No, If you do your system is likely not to function is some instances. You might be able to get away with truning of SSL3 or TLS in the softoken flags, though in that case I still think some things might break.
2- Change the token selection policy for selection of token for SSL: is it a good idea, which file need to be modified ?
This will break FIPS complient tokens which only do some of the Symetric operations. You wind up in situations where you have the key you need in a token that won't give it up, but can't do the requested cipher. That is why SSL uses the selection criteria it currently uses.
Not necessarily. First I would only do RC4. It's 99.99% of the SSL connections out there anyway. Do you really care if NSS falls back to softoken in the AES, DES, and RC2 cases. If you really want your token to do any of the SSL handshake, then it really should do all of it.
Again, there is no way a server can tell if the WIM is used to generate the pre-master secret or not, so it is not possible for any server to depend on this.
bob
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
|
- use of a PKCS11 plug in for SSL/TLS handshake for mozilla Helaine, Hubert
- Re: use of a PKCS11 plug in for SSL/TLS handshake for... Robert Relyea
- RE: use of a PKCS11 plug in for SSL/TLS handshake for... Helaine, Hubert
- RE: use of a PKCS11 plug in for SSL/TLS handshake... Robert Relyea
- RE: use of a PKCS11 plug in for SSL/TLS handshake for... Helaine, Hubert
- Re: use of a PKCS11 plug in for SSL/TLS handshake for... Nelson B
