[114445] in cryptography@c2.net mail archive
TLS-SRP & TLS-PSK support in browsers (Re: Dutch Transport Card Broken)
daemon@ATHENA.MIT.EDU (Frank Siebenlist)
Fri Feb 1 14:46:59 2008
Date: Fri, 01 Feb 2008 07:18:10 -0800
From: Frank Siebenlist <franks@mcs.anl.gov>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
CC: cryptography@metzdowd.com
In-Reply-To: <E1JKjmy-00021z-8c@wintermute01.cs.auckland.ac.nz>
This is a cryptographically signed message in MIME format.
Peter Gutmann wrote:
> "Perry E. Metzger" <perry@piermont.com> writes:
>
>>> SSL involves digital certificates.
>> Not really, James Donald/George W. Bush. It involves public keys, and it
>> provides a channel by which X.509 certificates can be exchanged,
>
> Actually it doesn't even require X.509 certs. TLS-SRP and TLS-PSK provide
> mutual authentication of client and server without any use of X.509. The only
> problem has been getting vendors to support it, several smaller
> implementations support it, it's in the (still unreleased) OpenSSL 0.99, and
> the browser vendors don't seem to be interested at all, which is a pity
> because the mutual auth (the server has to prove possession of the shared
> secret before the client can connect) would significantly raise the bar for
> phishing attacks.
>
> (Anyone have any clout with Firefox or MS? Without significant browser
> support it's hard to get any traction, but the browser vendors are too busy
> chasing phantoms like EV certs).
That's actually a sad observation.

I keep telling my colleagues that this technology is coming "any day
now" to a browser near you - didn't realize that there was no
interest with the browser companies to add support for this...

Why do the browser companies not care?
What is the adoption issue?
Still the dark cloud of patents looming over it?
Not enough understanding about the benefits? (marketing)
Economic reasons that we wouldn't buy anymore server certs?

-Frank.
--
Frank Siebenlist franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com