[114447] in cryptography@c2.net mail archive
Re: Dutch Transport Card Broken
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Feb 1 15:01:37 2008
Date: Fri, 1 Feb 2008 19:58:16 +0000
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Cc: jamesd@echeque.com, perry@piermont.com, cryptography@metzdowd.com
In-Reply-To: <E1JKjmy-00021z-8c@wintermute01.cs.auckland.ac.nz>
On Fri, 01 Feb 2008 13:29:52 +1300
pgut001@cs.auckland.ac.nz (Peter Gutmann) wrote:
> Actually it doesn't even require X.509 certs. TLS-SRP and TLS-PSK
> provide mutual authentication of client and server without any use of
> X.509. The only problem has been getting vendors to support it,
> several smaller implementations support it, it's in the (still
> unreleased) OpenSSL 0.99, and the browser vendors don't seem to be
> interested at all, which is a pity because the mutual auth (the
> server has to prove possession of the shared secret before the client
> can connect) would significantly raise the bar for phishing attacks.
>
> (Anyone have any clout with Firefox or MS? Without significant
> browser support it's hard to get any traction, but the browser
> vendors are too busy chasing phantoms like EV certs).
>
The big issue is prompting the user for a password in a way that no one
will confuse with a web site doing so. Given all the effort that's
been put into making Javascript more and more powerful, and given
things like picture-in-picture attacks, I'm not optimistic. It might
have been the right thing, once upon a time, but the horse may be too
far out of the barn by now to make it worthwhile closing the barn door.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
