Cryptographic Design for Chandler
Or how PKI will be implemented in Chandler to facilitate sharing.
It should be made clear that we are not cryptographers, so if you notice anything wrong in our approach, please let us know!
External libraries
We chose to use OpenSSL because it is widely used, under active development, and there are Python wrappers for it. We chose to use the M2Crypto wrapper, because it seems to be reasonably comprehensive, we can easily use the OpenSSL documentation with it, and it is also under active development.
Ciphers, Hashes, Keys and Other Crypto Junk
Things to use when possible (from Practical Cryptography and other sources):
- Cipher: AES
- Key size: 256 bits. OpenSSL supports AES with 128-, 192- and 256-bit keys (EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc and the other mode variants; M2Crypto's EVP.Cipher selects them by name, e.g. 'aes_256_cbc'), so 256 is available.
- Block cipher mode: CBC or CTR (but check CCM, GCM). Neither CBC nor CTR authenticates the data, so they must be paired with the MAC below, and the MAC must be verified before anything is decrypted (encrypt-then-MAC). CBC needs an unpredictable IV for every message and a padding scheme; CTR turns AES into a stream cipher and needs a nonce that never repeats under the same key. CCM and GCM do encryption and authentication in one pass, but need OpenSSL 1.0.0 or later.
- Hash: SHA-1, which is 160 bits (should switch to SHA-256, which requires OpenSSL 0.9.8+). SHA-1 collisions have since been demonstrated in practice, so it must not be used anywhere collision resistance matters, such as certificate and other signatures.
- Message Authentication Code (MAC): HMAC-SHA1 (change to HMAC-SHA-256). HMAC does not rely on collision resistance, so HMAC-SHA1 is not broken by the collision attacks, but moving to SHA-256 keeps a single hash in use.
- Public key algorithm: RSA
- Public key size: 2048 bits (some hardware tokens such as eToken may be limited to 1024, so that size may need to be offered as an option for them; 1024-bit RSA is no longer considered adequate and should not become the default).
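To make the composition of these choices concrete, here is an added example (not Chandler or M2Crypto code) that implements the symmetric side in pure Python: AES-256 (forward cipher only, which is all CTR mode needs), CTR mode, and HMAC-SHA-256 applied encrypt-then-MAC with a constant-time tag check. The names seal and open_blob, the 16-byte initial counter block and the blob layout nonce || ciphertext || tag are this example's own conventions, and a reader should check aes_encrypt_block against the FIPS-197 Appendix C test vectors before trusting it.

```python
"""AES-256-CTR + HMAC-SHA-256, encrypt-then-MAC, in pure Python.

Added example, not Chandler or M2Crypto code.  In Chandler the block cipher
would come from OpenSSL through M2Crypto; this is a readable reference so the
whole construction can be seen end to end.  Only the forward AES cipher is
implemented: CTR decryption regenerates the same keystream.
"""
import hashlib
import hmac
import os


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    return ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF


def _make_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1                       # invariant: p * q == 1 in GF(2^8)
    rot = lambda v, s: ((v << s) | (v >> (8 - s))) & 0xFF
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF        # q /= 3
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                  # 0 has no inverse; the affine map sends it to 0x63
    return sbox


SBOX = _make_sbox()


def _expand_key(key):
    """FIPS-197 key schedule: Nr+1 round keys of 16 bytes (Nr = 14 for a 256-bit key)."""
    nk = len(key) // 4
    rounds = nk + 6
    w = [list(key[i:i + 4]) for i in range(0, len(key), 4)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % nk == 0:                 # RotWord, SubWord, xor Rcon
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:    # extra SubWord step that only AES-256 has
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(rounds + 1)]


def _encrypt_block(rk, block):
    """Forward AES cipher on one 16-byte block with expanded round keys rk."""
    s = [b ^ k for b, k in zip(block, rk[0])]            # state is column-major: s[4*c + r]
    for rnd in range(1, len(rk)):
        s = [SBOX[b] for b in s]                                     # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]           # ShiftRows
        if rnd != len(rk) - 1:                                       # MixColumns (not in last round)
            mixed = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                mixed += [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                          a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                          a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                          _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]
            s = mixed
        s = [b ^ k for b, k in zip(s, rk[rnd])]                      # AddRoundKey
    return bytes(s)


def aes_encrypt_block(key, block):
    """One-block AES with a 16-, 24- or 32-byte key; check against FIPS-197 Appendix C."""
    if len(key) not in (16, 24, 32) or len(block) != 16:
        raise ValueError("bad key or block length")
    return _encrypt_block(_expand_key(key), block)


def _ctr_xor(key, nonce, data):
    """CTR keystream: AES(counter block), starting at the 16-byte nonce and counting up."""
    rk = _expand_key(key)
    ctr = int.from_bytes(nonce, "big")
    out = bytearray()
    for off in range(0, len(data), 16):
        block = ((ctr + off // 16) % (1 << 128)).to_bytes(16, "big")
        out += bytes(d ^ k for d, k in zip(data[off:off + 16], _encrypt_block(rk, block)))
    return bytes(out)


def seal(enc_key, mac_key, plaintext, nonce=None):
    """Encrypt-then-MAC: nonce || AES-256-CTR(pt) || HMAC-SHA-256(nonce || ct)."""
    if len(enc_key) != 32 or len(mac_key) < 32 or enc_key == mac_key:
        raise ValueError("need a 256-bit AES key and a distinct MAC key of at least 256 bits")
    nonce = os.urandom(16) if nonce is None else nonce   # must never repeat under one key
    ct = _ctr_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_blob(enc_key, mac_key, blob):
    """Verify the tag in constant time before touching the ciphertext."""
    if len(blob) < 48:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return _ctr_xor(enc_key, nonce, ct)
```

The MAC covers the nonce as well as the ciphertext, and the two keys are distinct so that a MAC query never leaks keystream. A pure-Python AES is table-driven and therefore not constant-time; it exists here to show the construction, and in Chandler the cipher would be OpenSSL's via M2Crypto.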
CA Certificate Policy
Our CA certificate inclusion policy is to ship with what Mozilla ships with:
http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt. See also
http://curl.haxx.se/docs/caextract.html for a script that can convert the Mozilla certdata.txt into PEM format. Latest M2Crypto also has such a script:
http://svn.osafoundation.org/m2crypto/trunk/demo/x509/certdata2pem.py
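As an added example (not the curl or M2Crypto script linked above), the following Python shows what such a conversion has to do: decode the MULTILINE_OCTAL blocks that hold each root's DER bytes, wrap them as PEM, and, importantly, consult the accompanying trust object, because certdata.txt also lists roots that are explicitly distrusted or trusted only for e-mail. The sample input is constructed in the file's syntax with a tiny DER SEQUENCE standing in for a certificate; matching certificate objects to trust objects by CKA_LABEL is this example's simplification.

```python
"""certdata.txt -> PEM, keeping only roots trusted for server authentication.

Added example, not the curl or M2Crypto converter.  certdata.txt stores each
root as a CKO_CERTIFICATE object whose DER is a MULTILINE_OCTAL block, and
records how far Mozilla trusts it in a separate CKO_NSS_TRUST (formerly
CKO_NETSCAPE_TRUST) object.  Certificates and trust records are paired here by
CKA_LABEL, which is a simplification of this example.
"""
import base64
import re

TRUST_CLASSES = ("CKO_NSS_TRUST", "CKO_NETSCAPE_TRUST")
TRUSTED_DELEGATOR = ("CKT_NSS_TRUSTED_DELEGATOR", "CKT_NETSCAPE_TRUSTED_DELEGATOR")


def parse_certdata(text):
    """Return a list of attribute dicts, one per object, in file order."""
    objects, current = [], None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("CKA_CLASS"):      # every object starts with its class
            current = {}
            objects.append(current)
        if current is None:
            continue                          # BEGINDATA and other header lines
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        attr, typ = parts[0], parts[1]
        if typ == "MULTILINE_OCTAL":          # \ooo escapes until a line reading END
            raw = bytearray()
            for octal_line in lines:
                octal_line = octal_line.strip()
                if octal_line == "END":
                    break
                raw += bytes(int(o, 8) for o in re.findall(r"\\([0-7]{3})", octal_line))
            current[attr] = bytes(raw)
        elif len(parts) == 3:
            current[attr] = parts[2].strip('"') if typ == "UTF8" else parts[2]
    return objects


def to_pem(der):
    """Wrap DER bytes in a PEM CERTIFICATE block with 64-column base64."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


def trusted_server_roots(text):
    """Map label -> PEM for roots whose CKA_TRUST_SERVER_AUTH is a trusted delegator."""
    objs = parse_certdata(text)
    trust = {o["CKA_LABEL"]: o for o in objs if o.get("CKA_CLASS") in TRUST_CLASSES}
    roots = {}
    for o in objs:
        if o.get("CKA_CLASS") != "CKO_CERTIFICATE":
            continue
        record = trust.get(o["CKA_LABEL"], {})
        if record.get("CKA_TRUST_SERVER_AUTH") in TRUSTED_DELEGATOR:
            roots[o["CKA_LABEL"]] = to_pem(o["CKA_VALUE"])
    return roots


# Constructed sample in certdata.txt syntax.  The CKA_VALUE blocks are a
# five-byte DER SEQUENCE { INTEGER }, not real certificates.
SAMPLE = r'''
BEGINDATA

CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_LABEL UTF8 "Example Root CA"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_VALUE MULTILINE_OCTAL
\060\003\002\001\001
END

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root CA"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Email Only Root"
CKA_VALUE MULTILINE_OCTAL
\060\003\002\001\002
END

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Email Only Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
'''

if __name__ == "__main__":
    for label, pem in trusted_server_roots(SAMPLE).items():
        print("#", label)
        print(pem, end="")
```

Run against a real certdata.txt, this emits only the roots Mozilla trusts to issue server certificates, which is the bundle an SSL client should load; dumping every CKO_CERTIFICATE object would also ship the roots the file exists to distrust.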
The Mozilla policy is explained in
http://www.mozilla.org/projects/security/certs/policy/.
The Mozilla policy is pretty good. Among other things, it relies on well-known auditors to vet the quality of an organization that wants its certificates included. Auditing is an important part of keeping incompetent or criminal organizations from endangering the security of your SSL connections.
OSAF does not want to audit organizations, nor would we be able to
do a good job of it.
Another fair alternative would be to modify Chandler to use the platform cryptographic APIs and the certificates the platforms normally use. However, this would be a lot of work, and would need to be customized for each platform, including each variant of an operating system we wanted to support.
It should be easy to write a plugin that adds additional certificates.