[Cryptography] Better than passwords and cookies

Jerry Leichter leichter at lrw.com
Tue Mar 18 06:56:24 EDT 2014

On Mar 17, 2014, at 6:17 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
>>>> Maybe you merely (re-)invented the HTML cookie holding the client private key.
>>> An HTML cookie isn't bound to the end-to-end connection context.  A MITM simply passes it through.  The signed information I'm suggesting the client send *is* bound to that context, and isn't subject to this trivial vulnerability.
>> https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final162.pdf
> The OBC work kind of died, but we have many of the ideas in
>   http://tools.ietf.org/html/draft-ietf-httpauth-hoba-02
Unfortunately this is just a small subset of the original OBC proposal.  All the MITM protection has been stripped out.  The certs here are used to replace traditional login mechanisms (something I was skeptical of for the certs I was suggesting), and the authentication is bound to the identities of the two ends, not to the particular endpoint-to-endpoint connection rendering it useless as protection against MITM attacks.

Of course, if the HOBA mechanism *were* to be standardized, its certs might be useful for building a MITM protection mechanism.  But that would require an additional layer of standardization.

Why did the OBC stuff die out?  Inertia, lack of interest, or objections from somewhere?
                                                        -- Jerry

More information about the cryptography mailing list