TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

Frank Siebenlist franks at mcs.anl.gov
Fri Feb 1 10:18:10 EST 2008


Peter Gutmann wrote:
> "Perry E. Metzger" <perry at piermont.com> writes:
> 
>>> SSL involves digital certificates.
>> Not really, James Donald/George W. Bush. It involves public keys, and it
>> provides a channel by which X.509 certificates can be exchanged,
> 
> Actually it doesn't even require X.509 certs.  TLS-SRP and TLS-PSK provide
> mutual authentication of client and server without any use of X.509.  The only
> problem has been getting vendors to support it, several smaller
> implementations support it, it's in the (still unreleased) OpenSSL 0.99, and
> the browser vendors don't seem to be interested at all, which is a pity
> because the mutual auth (the server has to prove possession of the shared
> secret before the client can connect) would significantly raise the bar for
> phishing attacks.
> 
> (Anyone have any clout with Firefox or MS?  Without significant browser
> support it's hard to get any traction, but the browser vendors are too busy
> chasing phantoms like EV certs).

That's actually a sad observation.

I keep telling my colleagues that this technology is coming "any day
now" to a browser near you - didn't realize that there was no
interest with the browser companies to add support for this...

Why do the browser companies not care?
What is the adoption issue?
Still the dark cloud of patents looming over it?
Not enough understanding about the benefits? (marketing)
Economic reasons that we wouldn't buy anymore server certs?

-Frank.

-- 
Frank Siebenlist               franks at mcs.anl.gov
The Globus Alliance - Argonne National Laboratory