
re: Transport Level Discussions
Ryan Pierce / Townsend Analytics Ltd. / Archipelago LLC
9 Apr 1998 3:28PM ET

Seeing as Bob has asked us to be positive rather than negative, I thought I'd talk a bit about the advantages of transport-level crypto, and SSL in particular.

A layered approach eases the burden of implementing security. You can just search and replace your calls to read and write to a socket with crypto-enabled read/write calls. Add a few calls at the beginning of the connection to check the person's identity, a few calls at the end to clean up, and you're done. The underlying transport protocol guarantees that data passed into your application is from the sender whose identity you verified when the connection began. Your application doesn't have to worry about security policy decisions, such as what happens if a given message doesn't pass the signature check, the unencrypted and encrypted MsgType field disagree, or if a completely unencrypted, unsigned message is sent to you.

SSLv3 seems like a good way of doing this. It is a very large de-facto industry standard, which means it's getting peer review. It is being standardized by the IETF. It allows for variable cipher suites, including ones which do not require paying patent royalties. It is based around the concept of a CA hierarchy, and SSL-based web servers were the "killer app" for many CAs. It can work with pretty much any CA willing to sign your certificates.

Provided you live outside the US, or the CA infrastructure uses DSS instead of RSA, there's a free implementation (SSLeay) in C which should work under Unixes and Windows and should get around the US patent royalty problem. And I've seen at least one commercial Java implementation of SSL which supports DSS / DH, although I haven't gotten a price quote.

Placing crypto in a lower level provides a good way around export control. Although linking something like SSL into the FIX engine is the cleanest solution, it is possible to completely separate the two. Anyone can create generic, application-independent SSL proxies. This way a US firm can export a FIX engine with no SSL hooks to a foreign country. That firm can buy, obtain, or develop an SSL proxy. They tell their FIX engine to talk to the proxy, the proxy makes a connection to the other party, uses the certificates it has loaded to verify authenticity and refuses to pass data otherwise, logs the ciphertext sent and received, and all is well.
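The layered design described in this post, expressed in present-day terms as an added example (this is not code from the original post or from any FIX engine): TLS, the IETF successor to SSLv3, is configured so that the handshake itself refuses any peer that cannot prove its identity, and the application's socket reads and writes are swapped for calls on a wrapper. The certificate and key paths are assumed placeholders.

```python
import ssl
import socket
from typing import Optional

# Placeholder paths (assumed, not from the post): a real deployment points
# these at the CA that signs counterparties' certificates and at its own
# certificate/key pair.
CA_BUNDLE = "/path/to/ca-bundle.pem"
OWN_CERT = "/path/to/own-cert.pem"
OWN_KEY = "/path/to/own-key.pem"


def client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Policy for the side that initiates the connection.

    The peer must present a certificate chaining to a loaded CA and its name
    must match the host we asked for; otherwise the handshake fails and no
    application message is ever delivered.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSLv3 and early TLS are refused
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx


def server_context(own_cert: Optional[str] = None,
                   own_key: Optional[str] = None,
                   ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Policy for the accepting side, e.g. the application-independent proxy
    the post describes.

    CERT_REQUIRED on a server context means mutual authentication: a client
    that cannot present a certificate signed by the loaded CA is refused at
    the handshake, before any data could reach the engine behind the proxy.
    A real deployment must load its own certificate and the CA bundle.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if own_cert and own_key:
        ctx.load_cert_chain(certfile=own_cert, keyfile=own_key)
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx


def describe_policy(ctx: ssl.SSLContext) -> dict:
    """Plain-value summary of a context, useful for a deployment self-check."""
    return {
        "min_version": int(ctx.minimum_version),
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": bool(ctx.check_hostname),
    }


class SecureChannel:
    """Drop-in replacement for raw socket read/write, as the post suggests.

    wrap_socket() completes the handshake before returning, so by the time
    the application can call read() or write() the peer's certificate has
    already passed the context's policy. The application never sees an
    unauthenticated message and needs no code path for one.
    """

    def __init__(self, ctx: ssl.SSLContext, sock: socket.socket,
                 server_hostname: Optional[str] = None, server_side: bool = False):
        self._tls = ctx.wrap_socket(sock, server_side=server_side,
                                    server_hostname=server_hostname)
        # Identity established once, at connection start, as the post describes.
        self.peer_subject = (self._tls.getpeercert() or {}).get("subject")

    def write(self, data: bytes) -> None:
        self._tls.sendall(data)

    def read(self, n: int = 4096) -> bytes:
        return self._tls.recv(n)

    def close(self) -> None:
        self._tls.close()


if __name__ == "__main__":
    # Offline self-check of the two policies; no connection is opened.
    print(describe_policy(client_context()))
    print(describe_policy(server_context()))
```

To use it in the client role, open a plain TCP socket, pass it with the counterparty's hostname to `SecureChannel(client_context(CA_BUNDLE), sock, server_hostname=...)`, and replace the engine's `send`/`recv` calls with `write`/`read`; the server or proxy role uses `server_context(OWN_CERT, OWN_KEY, CA_BUNDLE)` with `server_side=True`. Note that `minimum_version` is raised to TLS 1.2 because SSLv3 itself has since been deprecated by the IETF (RFC 7568).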
