s2n VS certificate-transparency-go

It seems to support multiple options but requires you pick at least one of them. https://github.com/aws/s2n-tls/blob/main/docs/BUILD.md#build...

I think GnuTLS is probably the second most popular TLS library, after openssl.

I'll also mentions s2n and rustls-ffi for completeness as C libraries, though the former isn't widely used, and the latter is very experimental still. https://github.com/aws/s2n-tls and https://github.com/rustls/rustls-ffi respectively.

I've seen operating on unauthenticated plaintext enough times to list it as my own pet peeve with AES-GCM. But it's a problem for chunked messages too. A few years ago we released a SCRAM mode that makes very minimal changes to AES-GCM so that it mathematically can't operate on unauthenticated plaintext. https://github.com/aws/s2n-tls/tree/main/scram

> The documentation is kind of vague, but apparently you have to re-enable it regularly.[3]

This is correct. And in the end it means more or less that setting the socket option is more of a way of sending an explicit ACK from userspace than a real setting.

It's not great for common use-cases, because making userspace care about ACKs will obviously degrade efficiency (more syscalls).

However it can make sense for some use-cases. E.g. I saw the s2n TLS library using QUICKACK to avoid the TLS handshake being stuck [1]. Maybe also worthwhile to be set in some specific RPC scenarios where the server might not immediately send a response on receiving the request, and where the client could send additional frames (e.g. gRPC client side streaming, or in pipelined HTTP requests if the server would really process those in parallel and not just let them sit in socket buffers).

[1] https://github.com/aws/s2n-tls/blob/46c47a71e637cabc312ce843...

It looks like by default s2n-quic uses this TLS implementation, which is not based on the ring crate (though it is written in C)

https://github.com/aws/s2n-tls

I would be interested in the other SSL implementations:

- https://github.com/awslabs/s2n

- https://boringssl.googlesource.com/boringssl

- https://bearssl.org/

Are these subpar implementations or there are other reasons not to use these?

If you're talking about a certificate honored by a browser, these days they'd have to put it in a CT log, or at least obtain a "signed certificate timestamp" from a CT log: https://certificate.transparency.dev/

>This feels like this might actually be a use-case for a blockchain or a Merkle Tree.

A few years ago, this idea[0] had been explored by Google as a possible application of their Trillian[1] distributed ledger, which is based on Merkle Trees.

I don't know if they've advanced adoption of Trillian for firmware, however, the website lists Go packaging[2], Certificate Transparency [3], and SigStore[4] as current applications.

have used Trillian as the basis for their Certificate Transparency implementation.[2]

[0] https://github.com/google/trillian-examples/tree/master/bina...

[1] https://transparency.dev/

[2] https://go.googlesource.com/proposal/+/master/design/25530-s...

[3] https://certificate.transparency.dev/

[4] https://www.sigstore.dev/

You can find more about certificate monitoring and who are involved here

https://certificate.transparency.dev/

Excellent question! The sctcheck command from https://github.com/google/certificate-transparency-go/ can be used to check the signatures of embedded SCTs.

I've also got an online tool which you can use to test a site for CT policy compliance: https://sslmate.com/labs/ct_policy_analyzer/

Example of a working site: https://sslmate.com/labs/ct_policy_analyzer/?sslmate.com

Example of one of the sites affected by the Let's Encrypt incident: https://sslmate.com/labs/ct_policy_analyzer/?thecandyshake.c...

The x509 package has unfortunately burned me several times, this one included. It is too anal about non-fatal errors, that Google themselves forked it (and asn1) to improve usability.

https://github.com/google/certificate-transparency-go

ogClient, err := client.New( l.URI, &http.Client{ Timeout: 10 * time.Second, Transport: &http.Transport{ TLSHandshakeTimeout: 30 * time.Second, ResponseHeaderTimeout: 30 * time.Second, MaxIdleConnsPerHost: 10, DisableKeepAlives: false, MaxIdleConns: 100, IdleConnTimeout: 90 * time.Second, ExpectContinueTimeout: 1 * time.Second, }, }, jsonclient.Options{UserAgent: "ct-go-scanlog/1.0"}, ) if err != nil { fmt.Fprintf(os.Stderr, "%s -> Failed to create new client: %s\n", l.Name, err) return } sth, err := logClient.GetSTH(context.TODO()) if err != nil { fmt.Fprintf(os.Stderr, "%s -> Failed to get SignedTreeHead: %s\n", l.Name, err) return } fmt.Printf("%s -> Number of logs: %d\n", l.Name, sth.TreeSize) index := uint64(0) // Logs MAY return fewer than the number of leaves requested. Only complete // if we actually got all the leaves we were expecting. // See more: https://github.com/google/certificate-transparency-go/blob/52d94d8cbab94d6698621839ab1a439d17ebbfb2/scanner/fetcher.go#L263 for index <= sth.TreeSize { fmt.Printf("%s -> New fetch start with index %d-%d\n", l.Name, index, index+100) entries, err := logClient.GetRawEntries(context.TODO(), int64(index), int64(index)+100) if err != nil { fmt.Fprintf(os.Stderr, "%s -> Failed to get raw entries: %s\n", l.Name, err) return } if entries == nil { fmt.Fprintf(os.Stderr, "%s -> entries is nil", l.Name) return } if DEBUG { fmt.Printf("%s -> Got %d leaf entry\n", l.Name, len(entries.Entries)) } for i := range entries.Entries { rawLogE, err := ct.RawLogEntryFromLeaf(int64(index), &entries.Entries[i]) if err != nil { fmt.Fprintf(os.Stderr, "%s -> Failed to parse leaf to raw entry at index %d: %s\n", l.Name, index, err) index++ continue } logE, err := rawLogE.ToLogEntry() if err != nil { fmt.Printf("%s -> Failed to convert raw log to log at index %d: %s\n", l.Name, index, err) index++ continue } /* * This check is true most of the time. */ if logE.X509Cert == nil { fmt.Printf("%s -> Failed to read log cert at index %d: X509Cert is nil\n", l.Name, index) index++ continue } if DEBUG { fmt.Printf("%s -> Leaf entry at %d is parsed successfuly!\n", l.Name, index) } entryChan <- *logE index++ } }

Yes, you can use the certificate-transparency go code to pull down from the trillian API https://github.com/google/certificate-transparency-go/blob/m...

You would need to know the index, or you could just iterate over a range