Add introductory post on OCaml-TLS

src/data.ml

@@ -68,6 +68,18 @@ module People = struct
     email     = Some "talex5@gmail.com";
   }
 
+  let hannes = {
+    Atom.name = "Hannes Mehnert";
+    uri       = Some "https://github.com/hannesm";
+    email     = Some "hm519@cam.ac.uk";
+  }
+
+  let dkaloper = {
+    Atom.name = "David Kaloper";
+    uri       = Some "https://github.com/pqwy";
+    email     = Some "david.mersinjak@cl.cam.ac.uk";
+  }
+
 end
 
 let rights = Some "All rights reserved by the author"
@@ -174,6 +186,12 @@ module Blog = struct
         body       = "welcome-to-our-summer-hackers.md";
         permalink  = "welcome-to-our-summer-hackers";
       };
+      { updated    = date (2014, 07, 08, 12, 0);
+        author     = hannes;
+        subject    = "Introducing ocaml-tls - a transport layer security (TLS) implementation in pure OCaml";
+        body       = "introducing-ocaml-tls.md";
+        permalink  = "introducing-ocaml-tls-implementation-in-pure-ocaml";
+      };
     ]
 end
 

tmpl/blog/introducing-ocaml-tls.md

@@ -0,0 +1,126 @@
+We announce a **beta** release of `ocaml-tls`, a clean-slate
+implementation of Transport Layer Security (TLS) in OCaml.
+
+### What is TLS?
+
+Transport Layer Security (TLS) is probably the most widely deployed
+security protocol on the Internet. It provides communication privacy
+to prevent eavesdropping, tampering, and message forgery. Furthermore,
+it optionally provides authentication of the involved endpoints. TLS
+is commonly deployed for securing web services (HTTPS), emails,
+virtual private networks, and wireless networks.
+
+TLS uses asymmetric cryptography to exchange a symmetric key, and
+optionally authenticate (using X.509) either or both endpoints. It
+provides algorithmic agility, which means that the key exchange
+method, symmetric encryption algorithm, and hash algorithm are
+negotiated.
+
+### TLS in OCaml
+
+Our implementation `ocaml-tls` is already able to interoperate with
+existing TLS implementations, and supports several TLS extensions,
+such as server name indication ([RFC4366][], enabling virtual hosting)
+and secure renegotiation ([RFC5746][]).
+
+Our [demonstration server][^7] runs `ocaml-tls` and renders exchanged
+TLS messages in nearly real time by receiving a trace of the TLS
+session setup. If you encounter any problems, please give us [feedback][^14].
+
+`ocaml-tls` and all dependent libraries are available via [OPAM][^18] (`opam install tls`). The [source is available][^1]
+under a BSD license. We are primarily working towards completeness of
+protocol features, such as client authentication, session resumption, elliptic curve and GCM
+cipher suites, and have not yet optimised for performance.
+
+`ocaml-tls` depends on the following independent libraries: [ocaml-nocrypto][^6] implements the
+cryptographic primitives, [ocaml-asn1-combinators][^5] provides ASN.1 parsers/unparsers, and
+[ocaml-x509][^8] implements the X509 grammar and certificate validation ([RFC5280][]). [ocaml-tls][^1] implements TLS (1.0, 1.1 and 1.2; [RFC2246][],
+[RFC4346][], [RFC5246][]).
+
+We invite the community to audit and run our code, and we are particularly interested in discussion of our APIs.
+Please use the [mirage-devel mailing list][^9] for discussions.
+
+**Please be aware that this release is a *beta* and is missing external code audits.
+It is not yet intended for use in any security critical applications.**
+
+In our [issue tracker][^14] we transparently document known attacks against TLS and our mitigations
+([checked][^4] and [unchecked][^11]).
+We have not yet implemented mitigations against either the
+[Lucky13][^12] timing attack or traffic analysis (e.g. [length-hiding padding][^13]).
+
+### Trusted code base
+
+Designed to run on Mirage, the trusted code base of `ocaml-tls` is small. It includes the libraries already mentioned,
+[`ocaml-tls`][^1], [`ocaml-asn-combinators`][^5], [`ocaml-x509`][^8],
+and [`ocaml-nocrypto`][^6] (which uses C implementations of block
+ciphers and hash algorithms). For arbitrary precision integers needed in 
+asymmetric cryptography, we rely on [`zarith`][^15], which wraps
+[`libgmp`][^16]. As underlying byte array structure we use
+[`cstruct`][^17] (which uses OCaml `Bigarray` as storage).
+
+We should also mention the OCaml runtime, the OCaml compiler, the
+operating system on which the source is compiled and the binary is executed, as
+well as the underlying hardware. Two effectful frontends for
+the pure TLS core are implemented, dealing
+with side-effects such as reading and writing from the network: `lwt` and `mirage`. Mirage
+applications can run directly as Xen guest system.
+
+### Why a new TLS implementation?
+
+There are only a few TLS implementations publicly available and most
+programming languages bind to OpenSSL, an open source implementation written
+in C. There are valid reasons to interface with an existing TLS library,
+rather than developing one from scratch, including protocol complexity and
+compatibility with different TLS versions and implementations.  However,
+the disadvantage of most existing libraries is that they are written in C
+and suffer from memory safety issues, which have
+catastrophic effects -- as recently observed by [Heartbleed][], Apple's goto fail
+([CVE-2014-1266][]), GnuTLS session identifier memory corruption ([CVE-2014-3466][]), and the
+OpenSSL change cipher suite attack ([CVE-2014-0224][]).
+
+Our main reasons for `ocaml-tls` are that OCaml is a modern functional
+language, which allows concise and declarative descriptions of the
+complex protocol logic and provides type safety and memory safety to help
+guard against programming errors. Its functional nature is extensively
+employed in our code: the core of the protocol is written in purely
+functional style, without any side effects.
+
+Subsequent blog posts over the coming days will examine in more detail the design and implementation of
+the four libraries, as well as the security trade-offs and some TLS attacks and
+our mitigations against them.
+
+[^1]: https://github.com/mirleft/ocaml-tls
+[^3]: http://www.openbsd.org/papers/bsdcan14-libressl/mgp00026.html)
+[^4]: https://github.com/mirleft/ocaml-tls/issues?labels=security+concern&page=1&state=open
+[^5]: https://github.com/mirleft/ocaml-asn1-combinators
+[^6]: https://github.com/mirleft/ocaml-nocrypto
+[^7]: https://tls.openmirage.org/
+[^8]: https://github.com/mirleft/ocaml-x509
+[^9]: http://lists.xenproject.org/archives/html/mirageos-devel/
+[^10]: https://github.com/mirage/mirage-entropy
+[^11]: https://github.com/mirleft/ocaml-tls/issues?labels=security+concern&page=1&state=closed
+[^12]: http://www.isg.rhul.ac.uk/tls/Lucky13.html
+[^13]: http://tools.ietf.org/html/draft-pironti-tls-length-hiding-02
+[^14]: https://github.com/mirleft/ocaml-tls/issues
+[^15]: https://forge.ocamlcore.org/projects/zarith
+[^16]: https://gmplib.org/
+[^17]: https://github.com/mirage/ocaml-cstruct
+[^18]: https://opam.ocaml.org/packages/tls/tls.0.1.0/
+
+[attacks]: http://eprint.iacr.org/2013/049
+[Heartbleed]: https://en.wikipedia.org/wiki/Heartbleed
+[mostdangerous]: https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
+[frankencert]: https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
+[mitls]: http://www.mitls.org
+[Fortuna]: https://www.schneier.com/fortuna.html
+[HOL]: http://www.infsec.ethz.ch/people/andreloc/publications/lochbihler14iw.pdf
+[cheap]: http://people.cs.missouri.edu/~harrisonwl/drafts/CheapThreads.pdf
+[RFC4366]: https://tools.ietf.org/html/rfc4366
+[RFC5746]: https://tools.ietf.org/html/rfc5746
+[RFC5280]: https://tools.ietf.org/html/rfc5280
+[RFC2246]: https://tools.ietf.org/html/rfc2246
+[RFC4346]: https://tools.ietf.org/html/rfc4346
+[RFC5246]: https://tools.ietf.org/html/rfc5246
+[CVE-2014-1266]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266
+[CVE-2014-3466]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
+[CVE-2014-0224]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224