Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security support for new .net 5 platforms #101

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

steveisok
Copy link
Member

No description provided.

@danmoseley
Copy link
Member

adding @wfurt for TLS angle

@danmoseley danmoseley requested a review from samsp-msft March 25, 2020 19:40
@danmoseley
Copy link
Member

and @samsp-msft for boringssl background.

@steveisok steveisok requested review from marek-safar and lewing March 25, 2020 19:45
@danmoseley danmoseley requested a review from jkotas March 25, 2020 20:10
The current dependency on OpenSSL could work as there seems to be support for building on Android. This is nice because it would seemingly ‘just fit’ with what we already have. However, there are some things to take into consideration:

* Do we fork a copy of OpenSSL and build from that?
* What is our process for shipping security vulnerability updates?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we have to ship something with an app, don't these questions/concerns apply to any choice?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep - I'll try to restate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was aware that Google Play Services includes cronet & boringSSL, but they seem to only be exposed via a Java cronet API - https://developer.android.com/guide/topics/connectivity/cronet - which probably doesn't help us.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last I knew, Google's documented stance on BoringSSL was that it was unsupported, could change its ABI at any time, etc... exactly what you want when taking a dependency on a security library ;-) If there's a supported/maintained variant, that's then more interesting.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We really, really, really want to avoid shipping a cryptography library with the product. AFAIK, it adds a whole lot of government paperwork; and it creates a very complicated servicing model for both us and the applications built using it.

If there's any library in the box that we can reliably use, that's the best choice almost without regard to how painful it is to initially use it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you'd need to use the conscrypt APIs - which are higher level http APIs.
This may help: https://groups.google.com/forum/#!topic/conscrypt/T4c2YCY91qc.


Do we:
* Investigate libgss further and flush out all the dependencies / challenges?
* Bring most / all functionality into a managed implementation? What does that look like? Who would do it?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does Xamarin do today?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We now use SocketsHttpHandler as the default, so the same as corefx. The previous way was a custom implementation that is pretty old.

Copy link
Member

@stephentoub stephentoub Mar 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't just about HttpClient, this is about NegotateStream as well (though maybe we don't care about it for these workloads?). More generally for this doc, it's about System.Security.Cryptography, System.Net.Security, etc.

The previous way was a custom implementation that is pretty old.

Is that would it would look like to bring it into a managed implementation? What are its dependencies? Is it doing cryptographic work?

@danmoseley
Copy link
Member

cc @ericstj

@danmoseley
Copy link
Member

@steveisok who owns the next action here -- just checking we're not all waiting for each other 😺

@danmoseley
Copy link
Member

@steveharter

@steveisok
Copy link
Member Author

@danmosemsft I think the doc is good to go. Unless determining what we're going to do about OpenSSL is a pre-requisite?

@microsoft-github-updates microsoft-github-updates bot changed the base branch from master to main September 11, 2020 16:26
@filipnavara
Copy link
Member

What's the plan about this doc? Meanwhile the Android part was implemented through JNI calls and iOS through Apple APIs. Most of the text seems outdated in this regard.

@steveisok
Copy link
Member Author

Hmm, thought this was in. Lost in the .NET 5 - 6 shuffle. It is a bit dated - I can give it some updates as we've made some progress.

@danmoseley danmoseley removed their request for review March 2, 2023 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants