TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

Frank Siebenlist franks at mcs.anl.gov
Wed Feb 6 12:21:47 EST 2008


Peter Gutmann wrote:
> Frank Siebenlist <franks at mcs.anl.gov> writes:
> 
>> That's actually a sad observation.
>>
>> I keep telling my colleagues that this technology is coming "any day now" to
>> a browser near you - didn't realize that there was no interest with the
>> browser companies to add support for this...
> 
> I know of a number of organisations (mostly governmental, but also some
> financial) in various countries who are really, really keen to get support for
> (as James Donald pointed out) cryptographically secured relationships (not
> requiring PKI would be a big feature) into browsers, but no-one knows who to
> beat over the head about it.  The last group I talked to (banks) were hoping
> to use commercial pressure to get MS to add support for it in IE7^H^H8 at
> which point Firefox would be forced to follow, but it's a slow process.


With the big browser war still going strong, wouldn't that provide 
fantastic marketing opportunities for Firefox?

If Firefox would support these secure password protocols, and the banks 
would openly recommend their customers to use Firefox because it's safer 
and protects them better from phishing, that would be great publicity 
for Firefox, draw more users, and force M$ to support it too in the long 
run...


>> Why do the browser companies not care?
>> What is the adoption issue?
>> Still the dark cloud of patents looming over it?
>> Not enough understanding about the benefits? (marketing)
>> Economic reasons that we wouldn't buy anymore server certs?
> 
> I think it's a combination of two factors:
> 
> 1. Everyone knows that passwords are insecure, so it's not worth trying to do
>    anything with them.
> 
>    (My counter-argument to this is that passwords are only insecure because
>    protocol designers have chosen to make them insecure, see my previous post
>    about the quaint 1970s-vintage hand-over-the-password model used by SSH and
>    SSL/TLS).


...these protocols would even make the use of one-time-passwords more 
secure (no MITM exposure - phishing), and make them securely usable 
without any server-certs...


> 2. If you add failsafe authentication to browsers, CAs become redundant.
> 
>    (My counter-argument to this is to ask whether browser security exists in
>    order to provide a business model for CAs or to protect users.  Currently
>    it seems to be the former, with EV certs being a prime example).


I was afraid that this cynical argument would play a role... so the 
server-cert racketeering scheme has just been made more profitable 
through more expensive but equally "trustworthy" EV-certs, which makes 
it more difficult to introduce alternatives that don't fit into this 
"business model"...

On the other hand, I'm sure that the marketeers will be able to sell 
server-certs together with those secure password protocols to the naive 
customers as it will be very difficult to explain why you do/don't need 
the certs and why it would be more/less secure...

-Frank.

-- 
Frank Siebenlist               franks at mcs.anl.gov
The Globus Alliance - Argonne National Laboratory

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
