Another entry in the internet security hall of shame....

Ian G iang at systemics.com
Wed Aug 31 08:44:25 EDT 2005


James A. Donald wrote:
>     --
> From:           	pgut001 at cs.auckland.ac.nz (Peter
> Gutmann)
> 
>>TLS-PSK fixes this problem by providing mutual
>>authentication of client and server as part of the key
>>exchange.  Both sides demonstrate proof-of-possession
>>of the password (without actually communicating the
>>password); if either side fails to do this, then the
>>TLS handshake fails.  Its only downside is that it
>>isn't widely supported yet, it's only just been added
>>to OpenSSL, and who knows when it'll appear in
>>Windows/MSIE, Mozilla, Konqueror, Safari,
> 
> 
> This will take out 90% of phishing spam, when widely
> adopted.

Having read this now [1] I wonder if it is too hopeful
to expect TLS-PSK to be "widely adopted" in browsing.

( I'm guessing that you mean that the user's password
and username will be used to bootstrap the secure TLS
session - notwithstanding the comment in section 8 that
this is not the intention [2]. )

The issue I see here is that while the browser may have
access to this data, the server doesn't necessarily
have access to it.  In these days and times, major
websites are constructed with a plethora of methods
to do authentication, and they use a lot of frameworks
to handle all that.  In any given framework, the
distance (in code and layers and backends) between
the TLS code and the password code can be quite
large.  One artifact of this is the use of straight
forms to deliver the password rather than use the
inbuilt underlying unix-style password mechanism;
it is far too popular to implement the password
authentication of a user over the top of any
framework as it is - in the application code - as
the framework never quite does what is needed.

Not only is there this distance, it is duplicated
across all languages and all the different auth
regimes and also for "homegrown" password auth,
over every application!  I'd wonder if given these
barriers it will ever be possible to get change to
happen?

Or have I misunderstood something here?

(Note that this shouldn't be interpreted as saying
anything about the general utility of TLS-PSK in
other environments as per [2]...)

iang


[1] Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
     http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-09.txt
[2] "However, this draft is not intended for web password
     authentication, but rather for other uses of TLS."
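The property Gutmann describes above (each side proves it holds the PSK without the PSK itself crossing the wire) can be seen in a small simulation of both ends of the handshake. This is an added example, not code from the thread or from OpenSSL; the premaster-secret layout follows section 2 of the draft, while the PRF is a P_SHA256-style expansion standing in for the draft's MD5/SHA-1 TLS PRF, and the transcript bytes are constructed.

```python
import hashlib
import hmac
import os
import struct


def psk_premaster_secret(psk: bytes) -> bytes:
    """Plain PSK key exchange (draft-ietf-tls-psk, section 2): uint16 N,
    N zero octets, uint16 N, then the PSK itself, where N = len(psk)."""
    n = len(psk)
    return struct.pack("!H", n) + b"\x00" * n + struct.pack("!H", n) + psk


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion with HMAC-SHA256. Assumption: the draft targets the
    TLS 1.0/1.1 PRF (MD5 and SHA-1 halves XORed); the structure is the same."""
    out, a = b"", label + seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:length]


def handshake(client_psk: bytes, server_psk: bytes, identity: bytes = b"alice"):
    """Run both sides of a PSK handshake in-process. Only the nonces, the PSK
    identity hint and the Finished MACs are 'sent'; the PSK never is.
    Returns (server_accepts_client, client_accepts_server)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    # Constructed, simplified transcript of what crossed the wire.
    transcript = (b"ClientHello" + client_random + b"ServerHello" + server_random
                  + b"ClientKeyExchange" + identity)

    def master(psk: bytes) -> bytes:
        return prf(psk_premaster_secret(psk), b"master secret",
                   client_random + server_random, 48)

    def finished(ms: bytes, label: bytes) -> bytes:
        return prf(ms, label, hashlib.sha256(transcript).digest(), 12)

    c_ms, s_ms = master(client_psk), master(server_psk)
    client_fin = finished(c_ms, b"client finished")   # client -> server
    server_fin = finished(s_ms, b"server finished")   # server -> client
    # Each side recomputes the peer's Finished from its own key; a mismatch
    # means the peer does not hold the same PSK and the handshake fails.
    server_accepts = hmac.compare_digest(client_fin, finished(s_ms, b"client finished"))
    client_accepts = hmac.compare_digest(server_fin, finished(c_ms, b"server finished"))
    return server_accepts, client_accepts


if __name__ == "__main__":
    print("same PSK:", handshake(b"s3cret", b"s3cret"))
    print("wrong PSK:", handshake(b"s3cret", b"guess"))
```

Note that the server side of this only works if the TLS layer can reach the stored credential, which is exactly the integration gap the post raises.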

---------------------------------------------------------------------
The Cryptography Mailing List