Another entry in the internet security hall of shame....
Thierry Moreau
thierry.moreau at connotech.com
Thu Sep 8 10:46:28 EDT 2005
Stephan Neuhaus wrote:
> James A. Donald wrote:
>
> [...]
>
> That's because PSKs (as I have understood them) have storage and
> management issues that CA certificates don't have, [...]
> that the issue of how to exchange PSKs
> securely in the first place is left as an exercise for the reader (good
> luck!)
See http://www.connotech.com/sakem_index.htm.
Incidentally, TLS-PSK protocol standardization proposals have been around
in the IETF for some time, and it is the mobile telephony development
momentum that made it pass the standardization process (e.g. drafts by
Nokia). In the mobile telephony world, "subscriber identity modules"
(i.e. integrated circuits with secret/private keying material) are
physically distributed to subscribers.
>
> [...]
> ( [...] for the secure exchange
> of PSKs, which is IMHO unresolvable without changes to the business
> workflow). [...]
> But the server side? There are many more server applications than there
> are different Web browsers, and each one would have to be changed. At
> the very least, they'd need an administrative interface to enter and
> delete PSKs. That means that supporting PSKs is going to cost the
> businesses money (both to change their code and to change their
> workflow), money that they'd rather not spend on something that they
> probably perceive as the customer's (i.e., not their) problem, namely
> phishing.
>
The incremental operating cost can be reasonable only for organizations
that already incur the *authorization* management overhead.
>
> Fun,
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: thierry.moreau at connotech.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com