ADCS - Symmetrical Encryption in ADC

From DCBase Wiki


ADCS [1] is an extension that adds a TLS/SSL layer directly above the TCP layer and beneath the application layer, where ADC runs. This way the ADC protocol itself remains unchanged while the connection is encrypted: the connecting party performs a TLS handshake immediately after the TCP connection is established, and once the TLS session is up the ADC handshake proceeds as usual inside the tunnel.[2]

Encrypted ADC connections can be established using a TLS tunnel, both for hub and for client connections. Certificates can be used to authenticate both hub and user, for example by making the hub the root CA and only allowing clients whose certificates are signed by the hub to connect. Ephemeral keys should be used whenever possible to ensure forward secrecy. Certificate-based logins (who creates which certificates and who signs what) are not specified in this revision; a future extension or revision of this extension will cover them.


Client-Hub encryption

TLS client-hub connections can be initiated either by negotiating the feature "ADCS" on connection or by using the adcs:// URL scheme when initiating the connection.

Client-Client encryption

TLS client-client connections can be established either by negotiating the feature "ADCS" on connection or by specifying "ADCS/1.0" in the CTM protocol field. Clients that support encrypted connections must advertise this by including "ADCS" in the SU field of their INF.
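The following is an added example, not code from the DCBase wiki or from any ADC client or hub project. It shows the decisions described in the two sections above: selecting TLS from an adcs:// URL, checking a peer's INF SU field for "ADCS", reading the CTM protocol field for "ADCS/1.0", and building a hub-side TLS policy in the "hub as root CA" model (TLS 1.2 or newer, ephemeral key exchange only, client certificate required). The message layouts used by the parsers (space-separated tokens, one SID after B-type commands and two after D/E-type, two-letter named INF parameters, `DCTM <sid> <sid> <protocol> <port> <token>`) and the default port 411 are simplifications assumed for illustration, not the full ADC grammar.

```python
# Added example, not part of the DCBase wiki page or any ADC implementation.
# Message layouts below are simplified assumptions about the ADC text format.
import socket
import ssl
from urllib.parse import urlsplit

ADCS_PROTOCOL = "ADCS/1.0"   # CTM protocol field that requests an encrypted connection
ADC_PROTOCOL = "ADC/1.0"     # plain-text counterpart
DEFAULT_PORT = 411           # assumed conventional DC hub port


def parse_hub_url(url):
    """Return (host, port, use_tls): adcs:// selects TLS, adc:// does not."""
    parts = urlsplit(url)
    if parts.scheme not in ("adc", "adcs"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if parts.hostname is None:
        raise ValueError("missing hostname in %r" % url)
    return parts.hostname, parts.port or DEFAULT_PORT, parts.scheme == "adcs"


def inf_named_params(line):
    """Split an INF message into its two-letter named parameters.
    Assumed layout: '<T>INF <positional SIDs> <NNvalue> ...', where a
    B-type command carries one SID and D/E-type commands carry two."""
    tokens = line.split(" ")
    if not tokens or len(tokens[0]) != 4 or not tokens[0].endswith("INF"):
        raise ValueError("not an INF message: %r" % line)
    positional = {"B": 1, "D": 2, "E": 2}.get(tokens[0][0], 0)
    params = {}
    for tok in tokens[1 + positional:]:
        if len(tok) >= 2:
            params.setdefault(tok[:2], tok[2:])
    return params


def peer_supports_adcs(inf_line):
    """True when the INF's SU (supports) list contains the ADCS feature."""
    su = inf_named_params(inf_line).get("SU", "")
    return "ADCS" in su.split(",")


def ctm_requests_tls(ctm_line):
    """Assumed layout 'DCTM <mysid> <tsid> <protocol> <port> <token>'.
    True for ADCS/1.0, False for ADC/1.0, error for anything else."""
    tokens = ctm_line.split(" ")
    if len(tokens) < 6 or tokens[0] != "DCTM":
        raise ValueError("not a DCTM message: %r" % ctm_line)
    proto = tokens[3]
    if proto == ADCS_PROTOCOL:
        return True
    if proto == ADC_PROTOCOL:
        return False
    raise ValueError("unknown CTM protocol %r" % proto)


def make_hub_context(ca_file=None, cert_file=None, key_file=None):
    """Hub-side TLS policy for the 'hub as root CA' model: TLS 1.2 or newer,
    ephemeral (ECDHE) key exchange only so sessions have forward secrecy, and
    a client certificate that must chain to the hub's own CA. File paths are
    optional so the policy can be inspected without certificate files."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.3 suites are always ephemeral
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    if ca_file:
        ctx.load_verify_locations(ca_file)
    return ctx


def open_hub_connection(url, client_ctx):
    """TCP connect, then (for adcs://) the TLS handshake; the ADC handshake
    that follows is sent over the returned socket and so travels encrypted."""
    host, port, use_tls = parse_hub_url(url)
    sock = socket.create_connection((host, port))
    if use_tls:
        sock = client_ctx.wrap_socket(sock, server_hostname=host)
    return sock


if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    print(parse_hub_url("adcs://hub.example.test:5001"))
    print(peer_supports_adcs("BINF AAAB NIalice SUADCS,TCP4,UDP4"))
    print(ctm_requests_tls("DCTM AAAB AAAC ADCS/1.0 1412 token"))
    print(make_hub_context().verify_mode)
```

A client wrapping its side of the connection would use an `ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` loaded with the hub's CA file, so that a hub presenting a certificate not issued by that CA is rejected before any ADC message is exchanged.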

References

  1. ADCS Drafting (Official Discussion Here) by darkKlor (Aug 17, 2009)
  2. Defeating traffic shaping with encryption by cologic (Sep 19, 2007)
