Limited Delegation for Client-Side SSL

Presentation Transcript


  1. Limited Delegation for Client-Side SSL Nick Santos and Sean W. Smith Dartmouth College 6th Annual PKI R&D Workshop April 18, 2007

  2. Worse Than Failure (doubles as a database of usability lessons) From http://worsethanfailure.com/Articles/Twice_Annual_About_Security.aspx

  3. But sharing passwords is a great use case! Sean Smith says:
     • It’s not about who you are.
     • It’s not about what you know.
     • It’s about who sent you!
     “Sharing passwords” might as well be called “user-to-user delegation of a well-defined set of privileges via a shared secret”

  4. Who Understands User-to-User Delegation?
     • Lawyers
     • Doctors and Nurses
     • Most Democracies
     • Managers and Secretaries
     • H&R Block
     • Anyone who has ever gone on vacation
     • Teenage babysitters everywhere
     And Who Doesn’t?
     • Traditional PKI

  5. A Belated Summary of This Talk. Three Major Questions We Want to Think About:
     • How important is user-to-user delegation for a usable PKI?
     • How could this feature complicate (and enhance) a PKI implementation?
     • How feasible would it be to build and deploy such a feature?

  6. The Experiment. To help give us insight into some of these questions, we built a bunch o’ stuff for client-side SSL:
     • Limited delegation using proxy certificates
     • …with a user interface
     • …for use with Mozilla Firefox and an Apache web server
     • …as part of a deployable browser-extension with a corresponding server plug-in

  7. Proxy Certificates
     • Easy implementation on top of X.509
     • (all we do is add a ProxyCertInfo extension)
     (diagram labels: “With traditional X.509, the chain must end here”; “Here, Charlie has access to Alice’s hay”)

  8. What else can we do with delegation? Multiple Identities!
     (diagram labels: Yolanda, Zeke, Alice, Xavier, Bob (with identities A, X, Y, Z))
     If people are delegating access willy-nilly, maybe we should let Bob speak on behalf of multiple people at once?

  9. Modified Client-Side SSL (There’s more to it than just updating cert-validation code!)
     (diagram labels: “The standard…” and “…and non-standard, with multiple identities”)

  10. Firefox
     Alice will use her web browser to issue proxy certificates.
     Bob will use his web browser to manage his proxy certificates.
     A point to ponder: how does Alice give Bob the proxy certificate she issued?

  11. Apache
     The Server will send a list of “privileges” that it supports to Alice, in a cookie.
     Alice will choose a subset of this list of privileges to delegate to Bob.
     Bob will present one or more certificate chains to The Server in an SSL session.

  12. User Flow

  13. User Flow Service providers use cookies to tell Alice what “permissions” they support.
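The mechanics behind slides 7, 11 and 13 (a ProxyCertInfo extension on an otherwise ordinary X.509 chain, a server-advertised privilege list, and a delegated subset of it) can be shown with a small worked example. The code below is an added illustration written for this transcript; it is not the Dartmouth Firefox/Apache code. It assumes the RFC 3820 ASN.1 layout of ProxyCertInfo (pCPathLenConstraint, then a ProxyPolicy with a language OID and an opaque policy), uses the id-ppl-anyLanguage OID with a JSON list of privilege names as the policy (my own convention, not the paper's), and models certificates as plain dicts: signature checking is assumed to be done by the TLS stack and is out of scope here. What it does demonstrate is the rule a server plug-in has to enforce once the chain is trusted: every proxy certificate can only narrow the privileges of the certificate above it, and pCPathLenConstraint bounds how far re-delegation may go.

```python
"""DER encode/parse for RFC 3820 ProxyCertInfo plus a privilege-narrowing chain check.
Added example for this transcript; not the original project's code."""
import json

ID_PE_PROXYCERTINFO = "1.3.6.1.5.5.7.1.14"  # extension OID the DER value below would sit under (RFC 3820)
ID_PPL_ANYLANGUAGE = "1.3.6.1.5.5.7.21.0"   # "any language": policy bytes are interpreted by the verifier


def _der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:                       # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def _encode_int(n):                            # non-negative only; extra leading byte keeps the sign bit clear
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def encode_proxy_cert_info(privileges, path_len=None):
    """ProxyCertInfo ::= SEQUENCE { pCPathLenConstraint INTEGER OPTIONAL, proxyPolicy ProxyPolicy }
    ProxyPolicy   ::= SEQUENCE { policyLanguage OBJECT IDENTIFIER, policy OCTET STRING OPTIONAL }
    The policy here is a JSON list of privilege names (a constructed convention for this example)."""
    policy = json.dumps(sorted(privileges)).encode()
    proxy_policy = _tlv(0x30, _encode_oid(ID_PPL_ANYLANGUAGE) + _tlv(0x04, policy))
    body = (_encode_int(path_len) if path_len is not None else b"") + proxy_policy
    return _tlv(0x30, body)


def _read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_proxy_cert_info(der):
    """Returns (path_len or None, set of privilege names); raises ValueError on malformed input."""
    tag, body, end = _read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("bad ProxyCertInfo")
    path_len, (tag, inner, pos) = None, _read_tlv(body)
    if tag == 0x02:                            # optional pCPathLenConstraint present
        path_len = int.from_bytes(inner, "big")
        tag, inner, pos = _read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("missing proxyPolicy")
    tag, lang, p = _read_tlv(inner)
    if tag != 0x06 or _decode_oid(lang) != ID_PPL_ANYLANGUAGE:
        raise ValueError("unsupported policy language")
    tag, policy, _ = _read_tlv(inner, p)
    if tag != 0x04:
        raise ValueError("missing policy")
    return path_len, set(json.loads(policy))


def effective_privileges(chain, server_supported):
    """chain[0] is the end-entity (Alice's) cert; chain[i] is issued by chain[i-1].
    Entries are constructed dicts {"subject", "issuer", "proxy_info": DER bytes or None}.
    Returns the privileges the last holder may exercise. Signatures are assumed already verified."""
    allowed = set(server_supported)            # start from what the server advertised in its cookie
    remaining = None                           # proxy certs still permitted below the current one
    for i, cert in enumerate(chain):
        if i == 0:
            if cert["proxy_info"] is not None:
                raise ValueError("end-entity cert must not be a proxy")
            continue
        if cert["issuer"] != chain[i - 1]["subject"]:
            raise ValueError("broken chain at position %d" % i)
        if cert["proxy_info"] is None:
            raise ValueError("non-proxy cert below the end-entity")
        if remaining is not None:
            if remaining <= 0:
                raise ValueError("pCPathLenConstraint exceeded at position %d" % i)
            remaining -= 1
        path_len, policy = parse_proxy_cert_info(cert["proxy_info"])
        allowed &= policy                      # a proxy can only narrow, never widen
        if path_len is not None and (remaining is None or path_len < remaining):
            remaining = path_len
    return allowed


SERVER_PRIVILEGES = {"read_calendar", "edit_calendar", "read_mail"}  # constructed cookie contents


def build_demo_chain():
    """Constructed chain: Alice delegates two privileges to Bob (one further hop allowed);
    Bob re-delegates to Charlie and asks for read_mail, which Bob never held."""
    alice = {"subject": "CN=Alice", "issuer": "CN=Example CA", "proxy_info": None}
    bob = {"subject": "CN=Alice/CN=proxy-bob", "issuer": alice["subject"],
           "proxy_info": encode_proxy_cert_info({"read_calendar", "edit_calendar"}, path_len=1)}
    charlie = {"subject": "CN=Alice/CN=proxy-bob/CN=proxy-charlie", "issuer": bob["subject"],
               "proxy_info": encode_proxy_cert_info({"edit_calendar", "read_mail"})}
    return [alice, bob, charlie]


if __name__ == "__main__":
    chain = build_demo_chain()
    print(effective_privileges(chain[:2], SERVER_PRIVILEGES))   # {'edit_calendar', 'read_calendar'}
    print(effective_privileges(chain, SERVER_PRIVILEGES))       # {'edit_calendar'}
```

The intersection in `effective_privileges` is the whole point of "limited" delegation: Charlie's certificate lists read_mail, but because Bob's certificate above it does not, the server never grants it. A fourth proxy under Charlie would be rejected outright, since Bob's pCPathLenConstraint of 1 allows exactly one further hop.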

  14. User Flow

  15. User Flow By the proxy cert standard, I shouldn’t be creating proxy certs for pre-existing private keys. But it’s so much easier to ignore this!

  16. User Flow Teaching NSS to read and write proxy certificates: Easy!

  17. User Flow Teaching NSS to store proxy certificates without blowing up: Really hard!

  18. User Flow Thanks to XPCOM, we can dynamically (at run-time) unload Firefox’s SSL handlers, and load our own in their place. So we can enable/disable delegation as needed.

  19. Victory!

  20. Conclusions
     • Firefox and Apache, with their dynamically loaded modules, are well-architected to deploy such a system
     • Delegation does complicate PKI implementations, especially if you want limited privileges and multiple identities
     • How hard will it be to teach users how to delegate their PKI credentials? We still have no idea!

  21. Thanks. Thanks to our friends at the Dartmouth College PKI Lab, Doug McIlroy, Michael Fromberger, our PKI07 Reviewers, and the National Science Foundation