Re: [Lurk] lurk integration with openssl

Dmitry Kravkov <dmitryk@qwilt.com> Sun, 22 April 2018 10:08 UTC

From: Dmitry Kravkov <dmitryk@qwilt.com>
Date: Sun, 22 Apr 2018 10:08:42 +0000
Message-ID: <CAAvCjhggLfVZwDbFuLpek0_T=VAryQVF8vFQH2mgvrVK0sJnGQ@mail.gmail.com>
To: Jesús Alberto Polo <ietf@jesusalberto.me>
Cc: LURK BoF <lurk@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/FXi2IhD5HIVHCv6_3z9lMvb7iS8>
Subject: Re: [Lurk] lurk integration with openssl

Hi Jesus Alberto,

This is a patch for openssl used during the 101 hackathon.

It looks like calling the lurk library directly from the state machine will be
hard to push upstream, but adding more callbacks for master secret
calculation, which nginx (or another client) registers for, will be easier to
submit.


On Fri, Apr 20, 2018 at 9:26 PM Daniel Migault <daniel.migault@ericsson.com>
wrote:

> Hi Jesus Alberto,
>
> There have been some discussions regarding the integration of lurk with
> openssl during the hackathon, so feel free to share your concerns on the
> mailing list.
>
> Here are some links you might find of interest:
>
>
> https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a_separate_process
> https://www.agwa.name/blog/post/titus_isolation_techniques_continued
>
> Yours,
> Daniel
-- 

*Dmitry Kravkov*
Qwilt | Work: +972-72-2221630 | Mobile: +972-54-4839923

dmitrykATqwilt.com