TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)
Frank Siebenlist
franks at mcs.anl.gov
Wed Feb 6 12:21:47 EST 2008
Peter Gutmann wrote:
> Frank Siebenlist <franks at mcs.anl.gov> writes:
>
>> That's actually a sad observation.
>>
>> I keep telling my colleagues that this technology is coming "any day now" to
>> a browser near you - didn't realize that that there was no interest with the
>> browser companies to add support for this...
>
> I know of a number of organisations (mostly governmental, but also some
> financial) in various countries who are really, really keen to get support for
> (as James Donald pointed out) cryptographically secured relationships (not
> requiring PKI would be a big feature) into browsers, but no-one knows who to
> beat over the head about it. The last group I talked to (banks) were hoping
> to use commercial pressure to get MS to add support for it in IE7^H^H8 at
> which point Firefox would be forced to follow, but it's a slow process.
With the big browser war still going strong, wouldn't that provide
fantastic marketing opportunities for Firefox?
If Firefox would support these secure password protocols, and the banks
would openly recommend their customers to use Firefox because its safer
and protects them better from phishing, that would be great publicity
for Firefox, draw more users, and force M$ to support it too in the long
run...
>> Why do the browser companies not care?
>> What is the adoption issue?
>> Still the dark cloud of patents looming over it?
>> Not enough understanding about the benefits? (marketing)
>> Economic reasons that we wouldn't buy anymore server certs?
>
> I think it's a combination of two factors:
>
> 1. Everyone knows that passwords are insecure, so it's not worth trying to do
> anything with them.
>
> (My counter-argument to this is that passwords are only insecure because
> protocol designers have chosen to make them insecure, see my previous post
> about the quaint 1970s-vintage hand-over-the-password model used by SSH and
> SSL/TLS).
...these protocol would even make the use of one-time-passwords more
secure (no MITM exposure - phishing), and make them securely usable
without any server-certs...
> 2. If you add failsafe authentication to browsers, CAs become redundant.
>
> (My counter-argument to this is to ask whether browser security exists in
> order to provide a business model for CAs or to protect users. Currently
> it seems to be the former, with EV certs being a prime example).
I was afraid that this cynical argument would play a role... so the
server-cert racketeering scheme has just been made more profitable
through more expensive but equally "trustworthy" EV-certs, which makes
it more difficult to introduce alternatives that don't fit into this
"business model"...
On the other hand, I'm sure that the marketeers will be able to sell
server-certs together with those secure passwords protocols to the naive
customers as it will be very difficult to explain why you do/don't need
the certs and why it would more/less secure...
-Frank.
--
Frank Siebenlist franks at mcs.anl.gov
The Globus Alliance - Argonne National Laboratory
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list