Several seemingly disparate problems, ranging from secure cross domain authorization to policy enforcement in enterprise mashups to MITM attacks on federation protocols, all have as their root cause a single missing primitive function. Specifically, when a user at a browser is simultaneously interacting with two web services to obtain a composite service, it is not possible in today’s Internet architecture for either web service to “look behind the browser” and assure itself of the identity of the other web service in a standard and secure fashion. Complicating matters is that in almost all cases the web services cannot, or should not, trust the user or their browser. Fixing this problem with new cryptographic protocols and a new trust infrastructure is easy in theory, but extremely difficult in practice, and it will take a long time before a new protocol can be trusted. A more challenging task is to ask ourselves if we can fix this problem using a trusted and proven cryptographic protocol that already has a trust infrastructure. Specifically, can SSL be used?
SSL is a two-party protocol for mutual authentication and encryption that is typically used at the transport level. When used with mutual authentication, it is proven, trusted, and critically, has a well established and widely deployed trust infrastructure in the form of certificate authorities who issue digital certificates. However, it cannot be used directly for the problem we posed, which is inherently multi-party. MashSSL is a new multi-party protocol that has been expressly designed to inherit the security properties of SSL, and to be able to leverage its trust infrastructure. It is based on the unique insight that the introduction of a legitimate man in the middle into the SSL protocol (aka Friend in the Middle or FITM) actually results in a powerful new protocol, which can not only solve the core problem we identified, but has a number of other applications. And, thanks to the work already done on SSL, MashSSL is lightweight with a short specification designed to be implemented in a RESTful fashion.