For those who aren't familiar with GNU TLS, can you give a brief
description of what it does and its role in the GNU Project?
Nikos Mavroyanopoulos: GNUTLS is a library implementation of the SSL 3.0 and TLS 1.0
protocols. Its purpose is to provide applications an authentication
and encryption layer over an existing transport layer such as TCP/IP.
The authentication part includes implementation of the X.509 certificate
authentication framework, the OpenPGP framework as well as password
authentication with SRP.
Many people will have heard of "SSL", from its use in the web. What
is the difference between "SSL" and "TLS"?
Some time ago there was no standard in the security protocols of the
internet. SSL 2.0 was the first and de facto standard used by the Netscape
browsers and servers, but there was also Microsoft's PCT 1.0.
The IETF then formed the Transport Layer Security working group
whose purpose was to create a single protocol for the internet.
The TLS working group's first protocol was called TLS 1.0, and was
based on the last protocol issued by Netscape, SSL 3.0.
In brief they are almost the same thing, with TLS 1.0 being an updated
version of SSL 3.0.
There are some existing implementations of SSL, such as SSLeay or
OpenSSL. What are the differences between GNU TLS and these packages?
OpenSSL and SSLeay can be seen as the same thing, since OpenSSL is the
continuation of the SSLeay library. They are both very good SSL and
TLS toolkits, and have a long history behind them. Their license
however contains an advertising clause which is incompatible with the
GNU GPL. This was the reason that made the GNU project seek an
alternative TLS implementation. Other than that, the purpose of
OpenSSL and GnuTLS is the same, that is to provide applications a
security framework.
Can you tell us a little about the history of the GNU TLS project and
the people involved?
Some time after I volunteered to work for the FSF I was
contacted by Werner Koch (the gnupg author), who asked whether I could
create an SSL implementation for the GNU project. It seemed quite a
huge project for me then, but I agreed anyway. Together with Tarun
Upadhyay we started gnutls in February 2000.
About a year later a first prerelease was available. At that time
the project had almost reached a dead end since Tarun had quit, and the
certificate part which was required for a proper release was nonexistent.
In order to start coding the certificate part, I desperately needed
an ASN.1 DER parser which was not available at that time.
That was the time that Fabio Fiorina offered to help, and in about May
2001 he contributed an excellent ASN.1 library (now called libtasn1).
That library offered a boost in gnutls' development and within the
summer we had some alpha releases of gnutls called 0.2.x with X.509
certificate support. We had hopefully escaped the dead-end.
An idea to use OpenPGP keys in TLS instead of X.509 certificates
was carried out by Timo Schulz who offered to help, in February 2002.
Thanks to his fine opencdk library and his help now gnutls has
support for OpenPGP keys, as an alternative to X.509 certificates.
In July 2002 Andrew McDonald contributed an OpenSSL compatible
interface which is included in gnutls since then.
We finally released gnutls 1.0.0, the first version to be considered
as stable, in December 2003.
Are there any GNU programs which don't use TLS currently, that you
would like to see converted to use it?
Well gnutls was mostly tested in server applications, so I'm
now more interested in seeing more feedback from client applications.
If somebody wants to use GNU TLS in an existing networked application
communicating over standard unix sockets, is it complicated to do that?
I tried to make the porting of existing network applications as painless
as possible. The TLS part was built with the Berkeley sockets as
a model, so network programmers find it familiar. Of course someone
shouldn't expect the API to be exactly like the Berkeley functions,
since gnutls offers features that do not exist in TCP/IP. A basic
knowledge of public key infrastructure is also needed in order to
understand why some steps are needed.
I have a lot of passwords for different websites and mailing lists.
How difficult would it be to use TLS to eliminate the need for the
usernames/passwords on websites, by identifying users by a certificate
instead of a password? Is this something that could easily be added
into programs such as Mailman?
Yes, web-based programs could benefit heavily from the certificate
authentication provided by the TLS layer. A user can be fully
identified by a certificate permanently stored in his browser. But
such an infrastructure is not easy to deploy, since it requires a
centralized certification authority. That authority would need
resources for the purpose of user's certificate issuing, updating,
revoking etc.
An alternative decentralized solution could be the usage of openpgp
keys, for TLS authentication. That way a user could be authenticated by
sending his existing openpgp key. This kind of authentication is
currently implemented only in gnutls but I hope that other TLS
implementations would follow.
Do you have any plans to offer commercial support for GNU TLS?
Currently I have no such plans.
What is your background as a developer? How did you become active in
GNU TLS and free software?
I started coding when I learned C++ and C, back in 1996, in high
school, after I got my first GNU/Linux distribution.
I wanted to fix and change things in the programs I used, so I bought
some books on programming. I was quite impressed by my distribution
(it was Slackware), because the source code of the programs I used existed,
so I could change things the way I liked!
While at university I read about cryptography, and as
a result I created the cryptographic libraries mcrypt and mhash.
GnuTLS came some years later. The first testbed of gnutls was hydra,
an http server, which I created. During these years I've also worked for
a proprietary software company in Greece.
Is there any story behind how you became a supporter of the free
software philosophy?
More or less it's the same story that made me be engaged in programming.
Having software to study, and compiler tools available in the
operating system I used, was an idea I liked, so I became a
supporter of the free software philosophy.
Security is a big issue today. From your experience of working on GNU
TLS do you have any thoughts you'd like to share with other
developers?
Well, the fact is that it takes a lot of time to create software
to be called secure, and despite that you can never be certain of providing the
advertised security. Unfortunately there is no such proof of security,
so you can only rely on the process that creates the software, and on a
process of auditing.
Do you have any ideas on how we can move to a more secure
infrastructure, both for free software development and for general
users of the internet?
Those are really difficult problems to deal with in the internet,
since it is a very large network, and changes in the basic
infrastructure usually take years to be accomplished. Authentication,
and especially a decentralized one such as OpenPGP's web of trust,
may help in controlling the number of messages originating from unknown
sources. However I'm not quite involved in the Internet Mail working
groups, and do not know whether authentication has practical problems.
Software development as a process has little to gain by using
cryptographic protocols. The most important advantage is for the
users of software, since the introduction of cryptographic protocols
ensures privacy. This is too important for applications running in
networks like the internet, which was not designed to offer privacy.
One problem I've found with signed packages is that it's difficult to
get a web of trust which connects everyone, even though the free
software community is relatively small, so I usually have no way of
verifying a signature. Is it possible to use the tools in GNU TLS for
"code-signing" with certificates issued by a Certificate Authority?
Gnutls' tools do not offer this capability but as far as I know the
new generation of gnupg will be providing such features. However, the
problems you described will not be solved just by changing to X.509
infrastructure.
Developers who sign releases with openpgp keys that are not signed by
any other people, would probably use an X.509 certificate that is
self-signed. The correct use of the given infrastructure is on the
developer, and not in the infrastructure itself. Both protocols could
be misused. In the web of trust case it might be better to notify
such developers that their key could not be trusted.
Also the X.509 infrastructure has the drawback that it requires a
centralized authentication system, which does not fit the
decentralized development model that free software projects use.
If somebody wants to learn more about GNU TLS are there any books or
tutorials that you would recommend?
Currently there is only the gnutls manual which is included in the
distribution but also available online at GNU.org.
I've tried to make it a good manual, but it still needs work.
Thanks for taking the time for this interview and for your work on
free software!