Another entry in the internet security hall of shame....

Stephan Neuhaus neuhaus at st.cs.uni-sb.de
Tue Aug 30 10:22:43 EDT 2005


Peter Gutmann wrote:
> And that's its killer feature: Although you can still be duped into handing
> out your password to a fake site, you simply cannot connect securely without
> prior mutual authentication of client and server if TLS-PSK is used.

If I have understood the draft correctly, using PSKs means that the 
server and the client have a shared secret that they must communicate 
securely beforehand, and that they use some form of ZKP to assure the 
other party that they know that secret without revealing it.

If that's indeed so, wouldn't this have key management and storage 
issues that PK was designed to prevent in the first place?  Also, the 
prior secure exchange of secrets would seem to preclude communication 
between entities that don't know each other.  That, however, is how many 
businesses (including eBay, in whose name much phishing spam is 
generated) operate.  Additionally, I don't think that this is just a UI 
issue; after all, both the client and the server must somehow manage the 
PSKs.  There are probably expiration and revocation problems: what if my 
computer gets stolen and I can't get at my PSK? Does this mean that I 
can't do business with my bank anymore? What if I suspect that someone 
has stolen my PSK (for example with the same JavaScript attack that 
phished my password)? And so on and so on.

I'm not saying that the idea is bad, far from it; I'm just saying that 
there are probably many practical problems to be solved before this can 
be widely deployed.

Or perhaps I haven't understood the draft correctly.

> What'd be necessary in conjunction with this is two small changes to the
> browser UI:

...and the PSK management code in the server and in the client.

Fun,

Stephan


More information about the cryptography mailing list