[Security] TLS Certificates Verification

Dirk Meyer dmeyer at tzi.de
Tue Aug 19 12:23:52 CDT 2008

Jonathan Schleifer wrote:
> "Eric Rescorla" <ekr at rtfm.com> wrote:
>> Why is it desirable to use an SAS here? A short, secret key printed
>> on the top of the STB seems much more convenient.
> Uhm, isn't SAS more or less like a short secret key? If you verify an
> SAS or a short fingerprint (but fingerprints are never short!), where
> is the difference?

The difference is that ESessions require the same secret on both
sides. How can two set-top boxes with different keys printed on them
talk to each other? They need help from something else.

I do NOT want to rule out SAS. If we use TLS with self-signed keys we
still need a way to verify that key. With SAS you can create a secure
connection between two clients.

1. Set-top box 1 connects to my PC. They exchange TLS keys that are
   not verified. Now I type in the secret printed on the box on my
   PC. They open another secure link on top of the TLS link using
   SAS. Now they exchange the TLS keys over that link and know that
   the TLS keys are correct. My PC signs the key of the set-top box
   and they disconnect.

2. Set-top box 2 connects to my PC and they do the same.

3. Set-top box 1 connects to set-top box 2. Both see that the TLS key
   is signed by my PC which they trust. No SAS needed.


Whoever coined the phrase "Quiet as a mouse" has never stepped on one.
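
The three steps in the message above, as an added example that is not part of the original post: the PC signs each box's key once the SAS check has confirmed it, and the boxes later accept each other on the strength of that signature alone. Ed25519 keys, the names newDevice, enroll and acceptsPeer, and the sasConfirmed flag standing in for the SAS exchange are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Every device holds a long-term key pair. Ed25519 is an assumption; the
// message only speaks of "TLS keys".
function newDevice(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pub = publicKey.export({ type: 'spki', format: 'der' });
  return { name, pub, privateKey, trustedPc: null, endorsement: null };
}

// Steps 1 and 2: only after the SAS-protected link has confirmed the keys
// does the PC sign the box's key; the box keeps the PC's key as its anchor.
function enroll(pc, box, sasConfirmed) {
  if (!sasConfirmed) throw new Error('key not verified, refusing to sign');
  box.endorsement = crypto.sign(null, box.pub, pc.privateKey);
  box.trustedPc = pc.pub;
}

// Step 3: a box accepts a peer key only if it carries a valid signature
// made by the PC that this box trusts. No SAS is involved here.
function acceptsPeer(box, peerPub, peerEndorsement) {
  if (!box.trustedPc || !peerEndorsement) return false;
  const pcKey = crypto.createPublicKey({ key: box.trustedPc, format: 'der', type: 'spki' });
  return crypto.verify(null, peerPub, pcKey, peerEndorsement);
}

// Constructed scenario: two enrolled boxes plus three keys that must fail.
function demo() {
  const pc = newDevice('pc');
  const box1 = newDevice('stb1');
  const box2 = newDevice('stb2');
  enroll(pc, box1, true);
  enroll(pc, box2, true);
  const unsigned = newDevice('unsigned');   // never enrolled anywhere
  const otherPc = newDevice('other-pc');
  const foreign = newDevice('foreign');
  enroll(otherPc, foreign, true);           // signed, but by a different PC
  return {
    peers: acceptsPeer(box1, box2.pub, box2.endorsement) &&
           acceptsPeer(box2, box1.pub, box1.endorsement),
    unsigned: acceptsPeer(box1, unsigned.pub, unsigned.endorsement),
    foreign: acceptsPeer(box1, foreign.pub, foreign.endorsement),
    // box2's signature presented together with a different key
    swapped: acceptsPeer(box1, unsigned.pub, box2.endorsement),
  };
}
```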
