Foundations of Python Network Programming 978-1-4302-3004-5
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CHAPTER 6 ■ TLS AND SSL<br />
discussion <strong>of</strong> all <strong>of</strong> the ways that public keys can be used to help secure key-cards, protect individual<br />
documents, assert the identity <strong>of</strong> an e-mail author, and encrypt hard drives. Here, we will focus on how<br />
public keys are used in the TLS system.<br />
Public keys are used at two different levels within TLS: first, to establish a certificate authority (CA)<br />
system that lets servers prove “who they really are” to the clients that want to connect; and, second, to<br />
help a particular client and server communicate securely. We will start by describing the lower level—<br />
how communication actually takes place—and then step back and look at how CAs work.<br />
First, how can communication be protected against prying eyes in the first place?<br />
It turns out that public-key encryption is pretty slow, so TLS does not actually use public keys to<br />
encrypt all <strong>of</strong> the data that you send over the network. Traditional symmetric-key encryption, where<br />
both sides share a big random block <strong>of</strong> data with which they encrypt outgoing traffic and decrypt<br />
incoming traffic, is much faster and better at handling large payloads. So TLS uses public-key<br />
cryptography only to begin each conversation: the server sends a public key to the client, the client sends<br />
back a suitable symmetric key by encrypting it with the public key, and now both sides hold the same<br />
symmetric key without an observer ever having been given the chance to capture it—since the observer<br />
will not be able to derive (thanks to powerful mathematics!) the server's private key based on seeing the<br />
public key go one way and an encrypted block <strong>of</strong> data going the other.<br />
The actual TLS protocol involves a few other details, like the two partners figuring out the strongest<br />
symmetric key cipher that they both support (since new ones do get invented and added to the<br />
standard), but the previous paragraph gives you the gist <strong>of</strong> the operation.<br />
And, by the way, the labels “server” and “client” here are rather arbitrary with respect to the actual<br />
protocol that you wind up speaking inside your encrypted socket—TLS has no way to actually know how<br />
you use the connection, or which side is the one that will be asking questions and which side will be<br />
answering. The terms “server” and “client” in TLS just mean that one end agrees to speak first and the<br />
other end will speak second when setting up the encrypted connection. There is only one important<br />
asymmetry built into the idea <strong>of</strong> a client and server, which we will learn about in a moment when we<br />
start discussing how the CA works.<br />
So that is how your information is protected: a secret symmetric encryption key is exchanged using<br />
a public-private key pair, which is then used to protect your data in both directions. That alone protects<br />
your traffic against sniffing, since an attacker cannot see any <strong>of</strong> your data by watching from outside, and<br />
it also means that he cannot insert, delete, or alter the packets passing across a network node since,<br />
without the symmetric key, any change he makes to the data will simply produce gibberish when<br />
decrypted.<br />
TLS Verifies Identities<br />
But what about the other class <strong>of</strong> attacks we discussed—where an attacker gets you to connect to his<br />
server, and then talks to the real server to get the answers that you are expecting? That possibility is<br />
protected against by having a certificate authority, which we will now discuss.<br />
Do you remember that the server end <strong>of</strong> a TLS connection starts by sharing a public key with the<br />
client? Well, it turns out that servers do not usually <strong>of</strong>fer just any old public key—instead, they <strong>of</strong>fer a<br />
public key that has been signed by a CA. To start up a certificate authority (some popular ones you might<br />
have heard <strong>of</strong> are Verisign, GeoTrust, and Thawte), someone simply creates a public-private key pair,<br />
publishes their public key far and wide, and then starts using their private key to “sign” server public<br />
keys by encrypting a hash <strong>of</strong> their data.<br />
You will recall that only the holder <strong>of</strong> a private key can encrypt data that can then be decrypted with<br />
the corresponding public key; anyone else in the world who tries will wind up writing data that just turns<br />
into gibberish when passed through the public key. So when the client setting up a TLS connection<br />
receives a public key from the server along with a block <strong>of</strong> encrypted data that, when decrypted with the<br />
CA's public key, turns into a message that says “Go ahead and trust the server calling itself<br />
db.example.com whose public key hashes to the value 8A:01:1F:…”, then the client can trust that it is<br />
really connecting to db.example.com and not to some other server.<br />
93