Another entry in the internet security hall of shame....

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Aug 30 01:05:11 EDT 2005


"James A. Donald" <jamesd at echeque.com> writes:
>From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
>> TLS-PSK fixes this problem by providing mutual
>> authentication of client and server as part of the key
>> exchange.  Both sides demonstrate proof-of-possession
>> of the password (without actually communicating the
>> password), if either side fails to do this then the
>> TLS handshake fails.  Its only downside is that it
>> isn't widely supported yet, it's only just been added
>> to OpenSSL, and who knows when it'll appear in
>> Windows/MSIE, Mozilla, Konqueror, Safari,
>
>This will take out 90% of phishing spam, when widely adopted.

And that's its killer feature: Although you can still be duped into handing
out your password to a fake site, you simply cannot connect securely without
prior mutual authentication of client and server if TLS-PSK is used.

What'd be necessary in conjunction with this is two small changes to the
browser UI:

- Another type of secure-connect indicator (maybe light blue or light green in
  the URL bar instead of the current yellow) to show that it's a mutually
  authenticated connection, along with a "Why is this green?" tooltip for it.

- A non-spoofable means of password entry that only applies for TLS-PSK
  passwords.  In other words, something where a fake site can't trick the user
  into revealing a TLS-PSK key.

Anyone know how to communicate this to the Mozilla guys?  The only mechanism
I'm aware of is bugzilla, which doesn't seem very useful for this kind of
request.

Peter.
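
The mutual proof-of-possession described in the quoted text above, as an added example that is not part of the original post: a simplified Python model of a plain-PSK handshake, with the premaster secret laid out as later standardised in RFC 4279 and key expansion done with the TLS 1.2 PRF. The `Peer` class, the `handshake` function, the identity string and the sample keys are constructed for illustration, and the transcript is reduced to the identity and the two nonces.

```python
import hashlib, hmac, os, struct

def p_sha256(secret, seed, n):
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def premaster(psk):
    """Plain-PSK premaster secret (RFC 4279): len || zeros || len || psk."""
    n = struct.pack(">H", len(psk))
    return n + bytes(len(psk)) + n + psk

class Peer:
    """One side of the handshake (hypothetical helper, not a TLS library API)."""
    def __init__(self, psk):
        self.psk, self.random = psk, os.urandom(32)

    def derive(self, client_random, server_random, transcript):
        seed = b"master secret" + client_random + server_random
        self.master = p_sha256(premaster(self.psk), seed, 48)
        self.th = hashlib.sha256(transcript).digest()

    def finished(self, label):
        # Finished value: proves knowledge of the key without sending it.
        return p_sha256(self.master, label + self.th, 12)

def handshake(client_psk, server_psk):
    """Return (client_accepts, server_accepts, wire_bytes)."""
    c, s = Peer(client_psk), Peer(server_psk)
    transcript = b"identity:alice" + c.random + s.random  # constructed identity
    c.derive(c.random, s.random, transcript)
    s.derive(c.random, s.random, transcript)
    c_fin, s_fin = c.finished(b"client finished"), s.finished(b"server finished")
    wire = transcript + c_fin + s_fin  # everything an eavesdropper sees
    server_accepts = hmac.compare_digest(c_fin, s.finished(b"client finished"))
    client_accepts = hmac.compare_digest(s_fin, c.finished(b"server finished"))
    return client_accepts, server_accepts, wire

if __name__ == "__main__":
    print(handshake(b"correct horse", b"correct horse")[:2])  # keys match
    print(handshake(b"correct horse", b"some other key")[:2])  # keys differ
```

Because the Finished values are computed from the key, a low-entropy password used directly as the PSK can be tested offline by anyone who records them, a dictionary-attack risk that RFC 4279's security considerations also describe.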
