WCF transport security mode puzzle

  • Question

  • According to the following quote, WCF transport security provides point-to-point security:


    Transport security is used to provide point-to-point security between the two endpoints (service and client). If there are intermediary systems between the client and the server, each intermediate point must forward the message over a new SSL connection.
     
    a) What is meant by SSL providing point-to-point security?

    b) Is SSL communication still possible between client and server if an intermediary system (located between the client and the server) forwards the message over a non-SSL connection?

    c) Assuming it is possible ... I don't see why an intermediary system forwarding messages over a non-SSL connection would provide less security, since messages are already encrypted by the original sender (which is either client or server) and thus can't be decrypted by intermediary systems?

    Sunday, August 28, 2011 3:05 PM

All replies

  • a) point-to-point means machine-to-machine. For example if you have a load balancer in your web farm, then the SSL connection is made twice - between client and load balancer, and between load balancer and service. In the load balancer, the messages can be seen as plain text (decrypted).

     

    b) As mentioned above, SSL is created twice - between each set of machines. When using SSL in web farms, you can also have an SSL connection between client and load balancer, and have a non-SSL connection between load balancer and service - this is referred to as SSL offloading.

     

    c) As mentioned above, a load balancer can "see" the content of the message and inspect it - this allows changing http headers, and logging the body of the message. This means that exchange of messages is less secured.


    Please mark posts as answers/helpful if it answers your question.
    Senior Consultant on WCF, ASP.NET, Silverlight, and Entity Framework. Author of Microsoft's Official WCF 4 Course. Co-author of the Microsoft HPC/Azure burst whitepaper.
    Visit my blog: http://blogs.microsoft.co.il/blogs/idof
    • Marked as answer by Jacky_shen Sunday, August 28, 2011 4:02 PM
    Sunday, August 28, 2011 3:46 PM
  • thank you Ido Flatow,


    By the way, why can't we establish one SSL connection between client and service directly instead of creating two SSL connections, so that the role of the load balancer is just to forward the encrypted messages to the service, just as its role in the message security model?

    If that is true, we can ensure the security between client and service by using SSL, is that true?

     



    Monday, August 29, 2011 6:53 AM
  • You cannot do SSL over multiple hops at once because that is how SSL is designed.

    Instead of using HTTPS/TLS you can use WCF message security, which can do SSL-over-SOAP and encrypt the content between several hops.


    • Marked as answer by Jacky_shen Monday, August 29, 2011 9:27 AM
    Monday, August 29, 2011 7:08 AM
  • Ido Flatow, thank you so much.
    Monday, August 29, 2011 9:27 AM
  • Hi Ido Flatow, I have another question.

    When using transport security, the load balancer must decrypt and understand the messages before dispatching them to the service,

    but when using message security, the load balancer just forwards the encrypted messages to the service.

    So my puzzle is: why must the load balancer decrypt and understand the messages before dispatching them to the service if using transport security?

    Can't the load balancer just forward the encrypted messages to the service, just like it does in message security?

    Monday, August 29, 2011 1:14 PM
  • load balancers use the HTTP headers to figure out the target machine.

    Message security doesn't encrypt the http headers, and also does not encrypt most soap headers (unless you specify some of your own that need to be encrypted). Only the soap body element is encrypted (again, unless you change the default).


    • Marked as answer by Jacky_shen Tuesday, August 30, 2011 4:01 AM
    Monday, August 29, 2011 8:33 PM
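    The two answers above (transport security terminating at the load balancer, and message security leaving the headers readable so the balancer can still pick a target) can be put side by side in a small Go program. This is an added example, not code from the thread or from WCF: AES-GCM under keys the caller supplies stands in for both the TLS record layer and WS-Security XML Encryption, the Envelope type and the "orders-pool" routing rule are constructed for the demo, and the card number used when exercising it is a sample value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"strings"
)

// Envelope is a constructed stand-in for a SOAP message (not WCF's real schema).
type Envelope struct {
	To   string `xml:"Header>To"` // routing data an intermediary needs to see
	Body string `xml:"Body"`      // payload only the service should be able to read
}

// AES-GCM (nonce prefixed) stands in for TLS records and for XML Encryption alike.
func gcmSeal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand never returns an error; it aborts the process instead
	return gcm.Seal(nonce, nonce, pt, nil), nil
}

func gcmOpen(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// Transport security: the whole serialized envelope is encrypted for hop 1 only.
func TransportSend(env Envelope, hop1Key []byte) ([]byte, error) {
	raw, err := xml.Marshal(env)
	if err != nil {
		return nil, err
	}
	return gcmSeal(hop1Key, raw)
}

// TransportLB terminates hop 1: to read even the routing header it must decrypt
// everything, so the body is in clear here before it is re-encrypted for hop 2.
func TransportLB(wire, hop1Key, hop2Key []byte) (seen string, forwarded []byte, err error) {
	plain, err := gcmOpen(hop1Key, wire)
	if err != nil {
		return "", nil, err
	}
	forwarded, err = gcmSeal(hop2Key, plain)
	return string(plain), forwarded, err
}

// Message security: only the body is encrypted, under the service's key; the header stays in clear.
func MessageSend(env Envelope, serviceKey []byte) (string, error) {
	ct, err := gcmSeal(serviceKey, []byte(env.Body))
	if err != nil {
		return "", err
	}
	env.Body = base64.StdEncoding.EncodeToString(ct)
	raw, err := xml.Marshal(env)
	return string(raw), err
}

// MessageLB routes on the cleartext To header (constructed rule) holding no key at all;
// visibleBody is everything it can see of the payload, which is only ciphertext.
func MessageLB(wire string) (backend, visibleBody string, err error) {
	var env Envelope
	if err := xml.Unmarshal([]byte(wire), &env); err != nil {
		return "", "", err
	}
	if strings.HasSuffix(env.To, "/orders") {
		return "orders-pool", env.Body, nil
	}
	return "default-pool", env.Body, nil
}

// MessageReceive is the service: only the holder of serviceKey can open the body.
func MessageReceive(wire string, serviceKey []byte) (Envelope, error) {
	var env Envelope
	if err := xml.Unmarshal([]byte(wire), &env); err != nil {
		return env, err
	}
	ct, err := base64.StdEncoding.DecodeString(env.Body)
	if err == nil {
		ct, err = gcmOpen(serviceKey, ct) // authentication fails under any other key
	}
	env.Body = string(ct)
	return env, err
}
```

    Exercising it from a test with three 32-byte keys (hop 1, hop 2, service) shows the contrast: TransportLB returns the whole envelope, card number included, because it had to decrypt it to see the header, whereas MessageLB returns "orders-pool" from the To header while the body it can see is ciphertext, and only MessageReceive with the service key recovers it.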
  • Hi Ido Flatow, you helped me solve many puzzles, and I got a lot of knowledge from you.

    Thanks for your patient help, thank you so much!

     


    Tuesday, August 30, 2011 4:05 AM
  • Hi Ido, one question please!

    An intermediary point can be hacked, so at the intermediary point somebody who decrypts the message can read, for example, my credit card number. How does SSL resolve that issue, or is encryption/decryption resolved on the transport layer? If the first intermediary point can't read the message because of low-level encryption/decryption, and doesn't start a new SSL connection, can the second intermediary read the unsecured message?

    Please help me to understand that issue. Thanks in advance.



    • Edited by MarkoOkram Monday, November 21, 2011 10:31 PM
    Monday, November 21, 2011 8:08 PM
  • Bing "SSL" and decide what is meant by SSL providing point-to-point security! No, SSL communication is not possible with a non-SSL connection. Furthermore, you should not make an assumption if you cannot define SSL. ~Christine.


    Christine Sindelar
    Monday, November 21, 2011 10:47 PM
  • My question was: can the intermediary read the message at a higher level than SSL and read my credit card number, and can the intermediary (if it doesn't have SSL) redirect the decrypted (insecure) message so anyone can read it?
    MarkoOkram
    • Marked as answer by Jacky_shen Tuesday, February 7, 2012 3:11 PM
    • Unmarked as answer by Jacky_shen Tuesday, February 7, 2012 3:16 PM
    Tuesday, November 22, 2011 10:56 AM