[Cryptography] To what is Anderson referring here?

[James A. Donald]

On 2014-06-04 19:57, Peter Gutmann wrote:
> Christian Huitema <huitema at huitema.net> writes:
>
>> EKE would probably be deployed more often if people were not concerned with
>> the patents.
>
> It's not the patents, it's because you use certificates for situations where
> EKE would be appropriate.  No other options (for example EKE) exist.  Look at
> browsers, TLS-SRP and TLS-PSK have been standardised, and freely usable, for
> years but no browser (or web server) vendor supports them, or is interested in
> supporting them.  SSH is no better, you fire up a tunnel and hand over the
> password in plaintext over it, or use public-key auth (OK, not certificates
> but the SSH equivalent), there's no attempt at any EKE-like mechanism.  It's
> the same for many other protocols, it's either certificates or passwords, and
> that's it.



Firstly, browser writers are in the pockets of the CAs, and eke renders 
CAs even less relevant.

Secondly, implementing eke in the browser and the web server is a bigger 
job than it looks.  People don't realize how much $#!% needs to be done. 
There are a whole bunch of layers,

The head-bone connected to the neck-bone,
the neck-bone connected to the back-bone
The backbone connected to the thigh-bone
the thighbone connected to the knee-bone
the kneebone connected to the leg bone
the leg bone connected to the foot bone
Oh hear the word of the Lord!

And you have to run the plumbing through each of these layers, each 
layer written by someone else.

And, of course, to make the whole thing work, you need a password window 
that cannot be emulated by javascript running in the browser - which is 
not so difficult - you just cut javascript's ability to spawn non 
standard windows off at the knees.