TLS connection state [duplicate]


At the moment I am trying to understand TLS in depth, so I am reading RFC 5264. Section 6.1 explains the connection state of the TLS Record Protocol:

A TLS connection state is the operating environment of the TLS Record Protocol. It specifies a compression algorithm, an encryption algorithm, and a MAC algorithm. In addition, the parameters for these algorithms are known: the MAC key and the bulk encryption keys for the connection in both the read and the write directions. Logically, there are always four connection states outstanding: the current read and write states, and the pending read and write states. All records are processed under the current read and write states. The security parameters for the pending states can be set by the TLS Handshake Protocol, and the ChangeCipherSpec can selectively make either of the pending states current, in which case the appropriate current state is disposed of and replaced with the pending state; the pending state is then reinitialized to an empty state. It is illegal to make a state that has not been initialized with security parameters a current state. The initial current state always specifies that no encryption, compression, or MAC will be used.

What I take from this excerpt is that the TLS Record Protocol requires certain parameters (encryption keys, MAC algorithms, etc.) to be set in order to operate securely. The TLS Handshake Protocol supplies the relevant parameters. At the start of the TLS handshake, the security parameters are not set ("no encryption, compression, or MAC").

But I don't get this part:

Logically, there are always four connection states outstanding: the current read and write states, and the pending read and write states. All records are processed under the current read and write states.

What do read state, write state and pending state mean?

posted by Hansi 16.08.2016 - 20:55

1 answer


From another post on this site:

It's the state of the encryption. The pending state includes new encryption keys, and initialization vectors. There is a write key for sending data, and a read key for receiving data. The state of the keys and resulting IVs are the read and write states.

So when the current read/write state is overwritten with the pending read/write state it means that the new encryption keys and IVs are to be used for future communication. Until a new Change Cipher Spec message is received.

The significance of these states is that they keep track of the cryptographic state as data is being encrypted and decrypted. When a new key is negotiated these states are updated to use the new key that was negotiated between the peers. Key renegotiation is common among most cryptographic protocols.

There isn't much to add; the answer pretty much covers it.

answered 16.08.2016 - 21:14
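To make the four states concrete, here is a small added model (not from the RFC or the answer above) of one endpoint's record layer: the handshake fills the pending read/write states, the endpoint's own ChangeCipherSpec promotes only the pending write state, the peer's ChangeCipherSpec promotes only the pending read state, and promoting a state that was never initialized is rejected. The `SecurityParameters` fields and the key values are constructed and simplified.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SecurityParameters:
    # Constructed, simplified state; key=None models the initial "no encryption, no MAC" state.
    cipher: Optional[str] = None
    key: Optional[bytes] = None

    def initialized(self) -> bool:
        return self.key is not None

@dataclass
class ConnectionStates:
    # The four states one endpoint keeps outstanding: {current, pending} x {read, write}.
    current_read: SecurityParameters = field(default_factory=SecurityParameters)
    current_write: SecurityParameters = field(default_factory=SecurityParameters)
    pending_read: SecurityParameters = field(default_factory=SecurityParameters)
    pending_write: SecurityParameters = field(default_factory=SecurityParameters)

    def handshake_sets_pending(self, read, write):
        self.pending_read, self.pending_write = read, write  # current states untouched

    def change_cipher_spec(self, direction):
        # "write": we sent ChangeCipherSpec, so what we send switches;
        # "read": the peer's ChangeCipherSpec arrived, so what we read switches.
        pending = getattr(self, f"pending_{direction}")
        if not pending.initialized():
            raise ValueError(f"pending {direction} state was never initialized")
        setattr(self, f"current_{direction}", pending)
        setattr(self, f"pending_{direction}", SecurityParameters())  # back to empty

def premature_ccs_is_rejected() -> bool:
    try:
        ConnectionStates().change_cipher_spec("write")
    except ValueError:
        return True
    return False

def client_flow() -> dict:
    # (write cipher, read cipher) as seen by a client after each handshake step.
    c = ConnectionStates()
    trace = {"initial": (c.current_write.cipher, c.current_read.cipher)}
    c.handshake_sets_pending(read=SecurityParameters("AES-128-CBC", b"server-write-key"),
                             write=SecurityParameters("AES-128-CBC", b"client-write-key"))
    c.change_cipher_spec("write")  # client's Finished goes out under the new write state
    trace["after_own_ccs"] = (c.current_write.cipher, c.current_read.cipher)
    c.change_cipher_spec("read")   # server's CCS arrives: reads are now protected too
    trace["after_peer_ccs"] = (c.current_write.cipher, c.current_read.cipher)
    return trace
```

The trace shows the asymmetry the question asks about: between sending its own ChangeCipherSpec and receiving the server's, the client writes under the new keys while still reading in the clear.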
