Re: The OpenSSL API

On Aug 16, 3:27 am, Harold Weissman <Harold...@xxxxxxxxxxx> wrote:

Can anybody in this forum explain why the API exposed by OpenSSL
is so complicated?

The short answer is that security is complicated.

I am thinking from the point of view of an application
A that wishes to exchange data securely with some remote application B
using SSL. I would naively thought that an API with four calls would be
enough: One for establishing the secure channel, another for sending
data, another for receiving data, and one for terminating the secure
channel.

Perhaps a niche solution that supported only a single application and
security model could be made that simple.

In my view, the application developer only wants to use security
afforded by the protocol, without having to know anything much (or at
all) about the protocol itself - after all, when doing sockets
programming, one does not have know much about TCP/IP, right? However,
the OpenSSL API forces application developers to do many of the protocol
chores by hand, so to speak.

I'm afraid that painful experience has proven that it is impossible to
produce a secure application without being an expert in computer
security. Even using a library like OpenSSL that tries as hard as it
can to make it easy, there are still so many ways that you can screw
it up. You need someone who has already made all those mistakes.

Since the designers of the OpenSSL are clearly not stupid, I must
be missing something important here. What is it?

What you are missing is that computer security is so hard that secure
applications require a computer security expert to at least review
their design and guide their implementation.

I could give you a list of examples, but one should be enough. Diebold
screwed up RSA signatures in their voting machines by comparing only
160-bits of the signature since they used a 160-bit hash. (See section
3.5)
http://election.dos.state.fl.us/pdf/SAITbrowningLetter.pdf

DS

.

Relevant Pages

  • Re: how to secure my computer
    ... nothing is 100 % secure. ... use IRC or some other free standard protocol for live ... so they don't possibly have some ancient security problem. ... - - data backups ...
    (comp.os.linux.security)
  • Re: In need of a "simple" secured tcp/ip protocol.
    ... If you have control over the code for both client and server and both ... If different clients belong to different security domains ... symmetric encryption with a protocol for secure key exchange. ...
    (comp.lang.java.programmer)
  • Re: Ten least secure programs
    ... it's probably better you leave the topic alone ... I said I do not have security issues with the programs I code. ... I didn't realize you were a Linux user, ... > the most widely used and secure UNIX flavors? ...
    (Security-Basics)
  • "An Asp.Net accident waiting to happen" - Draft article
    ... In a time where Security ... in shared hosting environments. ... technologies that allow the creation and deployment of secure ... IIS 6 web server and windows 2003 also provide some tools to deploy ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... I do agree that the additions and changes to Solarius will make it more secure and that this is good. ... Why Easy To Use Software Is Putting You At Risk ... instead I would say that the view that security is ... Four Construction Workers Died after Crane Collapse in Toledo, ...
    (Security-Basics)