Protocol Implementation
All MSL stack implementations must meet the following high-level security objectives:
- Entity and user identities of received messages must be authenticated.
- User authentication data must be sent encrypted.
- Requests for encrypted application data must be honored.
- Requests for non-replayable application data must be honored.
A MSL stack may be capable of processing messages for more than one trusted services or peer-to-peer network. The MSL protocol applies to each network; there should be no state or data shared between messages of different MSL networks.
The MSL stack should limit itself to twelve MSL messages for each attempt by the application to send data. This limit includes error responses and messages sent to try to resolve errors, and is based on the assumption that the possible sequence of errors encountered can be successfully resolved within that number.
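The per-network isolation and twelve-message limit described above, sketched as an added example (not code from the MSL project). `MslStack`, `NetworkContext`, `BudgetExceeded` and `flaky_transport` are hypothetical names, and counting each sent message and each received reply toward the limit is an assumption.

```python
# Added illustration: names below are hypothetical, not part of any MSL API.
MAX_MESSAGES = 12  # per-attempt limit stated in the text


class BudgetExceeded(Exception):
    """One send attempt would exceed MAX_MESSAGES."""


class NetworkContext:
    """State for exactly one MSL network; never shared across networks."""
    def __init__(self, network_id):
        self.network_id = network_id
        self.tokens = {}


class MslStack:
    def __init__(self):
        self._contexts = {}

    def context(self, network_id):
        # One context per network, created on first use.
        return self._contexts.setdefault(network_id, NetworkContext(network_id))

    def send(self, network_id, payload, transport):
        """Return (reply, messages_used). Assumption: each message sent and
        each reply received, error responses included, counts as one."""
        ctx, used = self.context(network_id), 0
        message = {"type": "request", "payload": payload}
        while True:
            if used + 2 > MAX_MESSAGES:  # no room for another send + reply
                raise BudgetExceeded(f"{used} messages used on {network_id}")
            reply = transport(ctx, message)
            used += 2
            if "error" not in reply:
                return reply, used
            # Error response: retry with the fix the peer asked for.
            message = {"type": "recovery", "fix": reply["error"], "payload": payload}


def flaky_transport(failures):
    """Constructed peer: fails `failures` times, then succeeds."""
    remaining = [failures]
    def transport(ctx, message):
        if remaining[0] > 0:
            remaining[0] -= 1
            return {"error": "renew-credentials"}
        ctx.tokens["session"] = f"token-for-{ctx.network_id}"
        return {"payload": message["payload"].upper()}
    return transport
```

The budget is checked before each send, so an attempt that cannot be resolved fails closed after twelve messages instead of looping on error recovery.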
The specification is informed by the following potential communication channel restrictions.
- Messages may be limited to one send and one receive processed in series per connection.
- Message data may be required to be sent all at once instead of progressively.
The specification is informed by the following potential communication channel capabilities.
- Multiple messages may be sent or received serially over a single connection.
- Message data may be transmitted progressively.
- The channel may be full duplex.
There are three types of messages that the MSL stack must support.