Much of the work in our project centers around open protocols.
We use as much of what we find as is, but new ideas sometimes
call for new protocols, and the design of these is a bit of a
roller-coaster ride. KXOVER is an interesting example.
When it comes to secure authentication, the web
is in a much worse shape than email. But that's
not due to email; it is the web that habitually
ignores all the advances that are used everywhere
else! Since the web is important, we want to extend
HTTP with SASL, the general framework that works so
well for almost all the other protocols.
The TLS protocol is usually considered as a black box that somehow
bestows security. But like any other protocol, it is a sequence of
bits and bytes. This article explains how a bit more depth about the
protocol is helpful to understand how it can be split into two
dramatically different components; and how this can be incredibly useful
from an operational perspective.
With our TLS Pool, we are aiming at a wide variety of possible
security mechanisms. The reason being, we would like to have more than
one secure mechanism ready; if we encounter a problem with one we can
then substitute another. In that light we are innovating on a few of
the TLS CipherSuites.