OSDev.org https://forum.osdev.org/
SSL/TLS https://forum.osdev.org/viewtopic.php?f=8&t=30343
Page 2 of 2

Author: embryo2 [ Sat May 21, 2016 4:47 am ]
Post subject: Re: SSL/TLS

SpyderTL wrote:
> I think that the technical byte-by-byte packet definition of the SSL standard(s) deserves its own page

In fact it's about mathematics. If you understand the math then it's simple to pack the bytes as required.

In the case of the RSA algorithm it's relatively simple. Just google "RSA" and the first link is a good start for it. After understanding RSA it is possible to read about something more complex.

SpyderTL wrote:
> I understand that you understand how it all fits together, but someone just starting in OS Development or Network Security is going to have a hard time picking it apart.

The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.

Author: SpyderTL [ Fri May 27, 2016 3:44 pm ]
Post subject: Re: SSL/TLS

embryo2 wrote:
> The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.

I was just pointing out that there was a lot of technical information about the packets themselves that was missing, and would be needed to implement this in a hobby OS. It seemed like the article was, to use an analogy, jumping directly to HTML without first describing HTTP, or TCP/IP, or Ethernet.

lpoulain wrote:
> I've split the page into 3. I will also work on adding more details about the TLS packets.

Thanks. I think that works much better. I added a few enums and header structs as well. I'll try to add some more when I get some free time.

lpoulain wrote:
> But the best way to understand how they are formed is to examine a TLS communication using Wireshark.

Please don't put that on the wiki page

Author: embryo2 [ Sat May 28, 2016 2:58 am ]
Post subject: Re: SSL/TLS

SpyderTL wrote:
> I was just pointing out that there was a lot of technical information about the packets themselves that was missing, and would be needed to implement this in a hobby OS.

But the article is just an introduction and it would be too large if all details were present. And there's the link to the TLS protocol specification. Maybe it can also be helpful to add the Wikipedia link.

It's more interesting how to separate the OSDev wiki from wikipedia.org, because there are some similar sections. Wikipedia.org provides some general information on the subject while the OSDev wiki can provide something specific to OSDev, but it is also possible to describe something in a clearer manner than is the case for wikipedia.org. In the case of TLS I think there's nothing special for the OSDev wiki to provide, but for security the important information is how to design a secure OS, so it seems like a good idea to have an OSDev-specific security page.

Author: lpoulain [ Mon May 30, 2016 3:01 pm ]
Post subject: Re: SSL/TLS

@SpyderTL: believe it or not, the format of the TLS packets was the easiest part to code when I implemented TLS. The hardest part was how the crypto algorithms are used in practice by TLS, which is what I focused on in the wiki. I might add a section about very large number computation (e.g. how to compute a ^ b mod c when using 1024-bit integers)

@Embryo2: If you manage to get a Security page stub referenced in the main wiki page I will gladly contribute to it (BTW it would be nice if the Networking page was referenced as well). But I feel like an InfoSec page found only by searching isn't likely to be read by many people, if any.

Author: SpyderTL [ Mon May 30, 2016 4:05 pm ]
Post subject: Re: SSL/TLS

The Security page is actually on the old "short" main page, but not on the new "expanded" main page. I've already asked to get it added to the new main page.

And it doesn't do any good to explain what values go in the packets without including "where" in the packet those values go... I've added a few details already, but I'll add more when I get some time.

Author: lpoulain [ Tue May 31, 2016 9:12 pm ]
Post subject: Re: SSL/TLS

I have updated the Handshake page and described in greater detail what each message corresponds to. I couldn't always use some C code as the message size can vary.
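
Added example, not part of the thread or of the OSDev wiki pages it discusses: a bounds-checked C parser for the 5-byte TLS record header and the 4-byte handshake header, showing where the type, version and length fields sit and how a variable-size body is reached through a length-checked pointer instead of a fixed struct. The function, struct and macro names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HANDSHAKE  22             /* record content type: handshake */
#define TLS_MAX_RECORD (16384 + 2048) /* TLS 1.2 upper bound on record length */

/* Decoded views of the headers (hypothetical names), not wire-overlay structs. */
struct tls_record    { uint8_t type; uint16_t version, length; const uint8_t *body; };
struct tls_handshake { uint8_t msg_type; uint32_t length; const uint8_t *body; };

/* Returns bytes consumed, 0 if more data is needed, -1 if the length is invalid. */
long tls_parse_record(const uint8_t *buf, size_t len, struct tls_record *out)
{
    if (len < 5) return 0;                        /* header incomplete */
    out->type    = buf[0];                        /* byte 0: content type */
    out->version = (uint16_t)(buf[1] << 8 | buf[2]); /* bytes 1-2, big-endian */
    out->length  = (uint16_t)(buf[3] << 8 | buf[4]); /* bytes 3-4, big-endian */
    if (out->length > TLS_MAX_RECORD) return -1;  /* never trust the peer's length */
    if (len - 5 < out->length) return 0;          /* body not fully received */
    out->body = buf + 5;
    return 5 + (long)out->length;
}

/* Parses one handshake message lying wholly inside a record body. Returns -1 if
 * the record is not a handshake record or the 24-bit length overruns the record
 * (messages fragmented across records need reassembly, not shown here). */
int tls_parse_handshake(const struct tls_record *rec, struct tls_handshake *out)
{
    if (rec->type != TLS_HANDSHAKE || rec->length < 4) return -1;
    out->msg_type = rec->body[0];
    out->length = (uint32_t)rec->body[1] << 16 | (uint32_t)rec->body[2] << 8 | rec->body[3];
    if (out->length > (uint32_t)rec->length - 4) return -1;
    out->body = rec->body + 4;
    return 0;
}

/* Constructed sample: handshake record, version 3.3, message type 1, 2-byte body. */
static const uint8_t sample[] = { 22, 3, 3, 0, 6,  1, 0, 0, 2,  3, 3 };

int main(void)
{
    struct tls_record r; struct tls_handshake h;
    if (tls_parse_record(sample, sizeof sample, &r) <= 0 || tls_parse_handshake(&r, &h) != 0) return 1;
    printf("record type %u len %u, handshake type %u len %u\n", r.type, r.length, h.msg_type, (unsigned)h.length);
    return 0;
}
```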

All times are UTC - 6 hours