[Cryptography] Encryption opinion

Stephen Farrell stephen.farrell at cs.tcd.ie
Mon Sep 1 07:54:59 EDT 2014 

Hiya,

On 01/09/14 04:39, James A. Donald wrote:
> Here is how browsers and servers should work, in order to prevent MITM
> 
> This looks like a job for the IETF.  Why is it out of scope?
> 
> When the browser attempts to connect to a password protected page, the
> server demands the creation of a strong transient shared secret through
> a Zero Knowledge Password Protocol, and a UI is popped up from the
> browser chrome, not from a server web page, to establish that shared
> secret.  The UI shows the "username" of the server, and the username of
> the client, since the Zero Knowledge protocol is almost symmetric, both
> parties having to prove knowledge of a secret passphrase associated with
> the username/servername pair, without revealing the secret passphrase.
> 
> The strong transient shared secret being established from proof of
> possession of a weak durable shared secret, the server calls the code
> that generates the web page with a database cursor pointing at the
> database record that contains the username and hash of the password that
> was used to establish the shared secret.
> 
> On all subsequent interactions on the channel created by this shared
> secret, the web page is generated by code that has access to this
> database cursor.  The shared secret will be forgotten on a timeout that
> is set and reset by this code.
> 
> Again:  This looks like a job for the IETF.  Why is it out of scope?

That would be considered out of scope as "browser chrome" is not
a protocol concept but is an implementation issue.

I do get how that is annoying, but I don't see how to re-scope
the IETF (or HTTP) in a useful way that'd put that problem in
scope.

As an aside, when I've asked browser implementers this question
they have a bunch of reasons why they think authenticating the
client or user in HTTP isn't a good plan. I don't myself agree
with all of those (e.g. [1] seems reasonable to me:-) but some
of their reasons are good ones, for example that sites prefer
to control the login UI (e.g. for I18N and workflow reasons)
and and not have that determined by the browser chrome.

Cheers,
S.

[1] https://datatracker.ietf.org/doc/draft-ietf-httpauth-hoba/


> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>

More information about the cryptography mailing list