Dutch Transport Card Broken

Steven M. Bellovin smb at cs.columbia.edu
Fri Feb 1 14:58:16 EST 2008


On Fri, 01 Feb 2008 13:29:52 +1300
pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote:


> Actually it doesn't even require X.509 certs.  TLS-SRP and TLS-PSK
> provide mutual authentication of client and server without any use of
> X.509.  The only problem has been getting vendors to support it,
> several smaller implementations support it, it's in the (still
> unreleased) OpenSSL 0.99, and the browser vendors don't seem to be
> interested at all, which is a pity because the mutual auth (the
> server has to prove possession of the shared secret before the client
> can connect) would significantly raise the bar for phishing attacks.
> 
> (Anyone have any clout with Firefox or MS?  Without significant
> browser support it's hard to get any traction, but the browser
> vendors are too busy chasing phantoms like EV certs).
> 
The big issue is prompting the user for a password in a way that no one
will confuse with a web site doing so.  Given all the effort that's
been put into making Javascript more and more powerful, and given
things like picture-in-picture attacks, I'm not optimistic.   It might
have been the right thing, once upon a time, but the horse may be too
far out of the barn by now to make it worthwhile closing the barn door.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list